SYSTEMS AND METHODS FOR NEXTPROTO NEGOTIATION EXTENSION HANDLING USING MIXED MODE

摘要

This disclosure is directed to systems and methods for handling the processing of a next protocol negotiation extension for a transport layer security (TLS) session. A device, intermediary to a client and a server, may receive a client hello message from the client in a handshake to establish a transport layer security (TLS) session with the server. The client hello message may include a next protocol negotiation extension. The device may include a first TLS processor that is software based and a second TLS processor that is hardware based. The device may determine that the client hello message includes the next protocol negotiation extension. The device may establish, responsive to the determination, the TLS session using the first TLS processor. The device may process, upon establishment of the TLS session using the first TLS processor, encrypted data for the TLS session using the second TLS processor.

主权项

1. A method for handling the processing of a next protocol negotiation extension for a transport layer security (TLS) session, the method comprising:
(a) receiving, by a device intermediary to a client and a server, a client hello message from the client in a handshake to establish a transport layer security (TLS) session with the server, the client hello message comprising a next protocol negotiation extension, the device comprising a first TLS processor that is software based and a second TLS processor that is hardware based; (b) determining by the device, that the client hello message includes the next protocol negotiation extension; (c) establishing, by the device responsive to the determination, the TLS session using the first TLS processor; and (d) processing, by the device upon establishment of the TLS session using the first TLS processor, encrypted data for the TLS session using the second TLS processor.