HP P4522A - Traffic Management Server Sa8220 User Manual page 31

C H A P T E R 2
Client
are performed either at the server level, by web servers generally
providing SSL functionality by way of standalone software
components, or by embedded encryption software.
The HP methodology places encryption processing on the network
side, thus eliminating the need for processing on the servers (see the
figure on the next page). The servers never see any of the SSL
connection dialogue or the encrypted data. This removes a substantial
processing load from the servers allowing improved response times
and greater availability of system resources.
Server Server Server
1. Client connects to server
2. Server responds with certificate
3. Client encrypts random key
4. Server generates working key
5. Session established
Server Server
1.
SA8220
2. SA8220 responds with SSL ServerHello
3. SA8220 sends certificate for server
4. Client sends ClientKeyExchange message;
5. SA8220 and client send ChangeCipherSpec
6. SA8220 and client send "finished" messages;
7. Encrypted data sent to SA8220, decrypted and
8. Clear response sent to SA8220, encrypted and
Client
Basic SSL Operations
SSL Fundamentals (SA8200/SA8220 only)
Server
Client connects to SA8220 with ClientHello
(includes ciphers supported)
(includes selected cipher & session ID)
includes PK (session key)
message to indicate readiness
includes hash of whole conversation
forwarded to least busy server
sent to client.
19