Entry: TLS termination proxy
Definition


A TLS termination proxy (or SSL termination proxy[1]) is a proxy server that an institution uses to handle incoming TLS connections: it decrypts the TLS traffic and passes the unencrypted requests on to the institution's other servers. It is assumed that the institution's own network is secure, so the user's session data does not need to be encrypted on that part of the link. TLS termination proxies are used to reduce the load on the main servers by offloading the cryptographic processing to another machine, and to support servers that do not support SSL, like Varnish.

In a variant configuration, encryption is done both on the 'front-end' towards the Internet and on the private 'back-end' network. This is generally referred to as an "SSL/TLS forward proxy".[2][3][4] It is usually done to allow an intrusion detection system to analyze the traffic.

Another advantage of a forward TLS proxy is that it can reduce latency for clients that would otherwise be geographically distant from the servers behind the proxy. This is because in most cases, with the exception of TLS 1.3 0-RTT, negotiating the TLS connection involves several round trips.
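
The two configurations described above, sketched for Nginx, one of the servers this entry lists (an added example, not part of the original entry or of any project's documentation; all host names, addresses and file paths are placeholders):

```nginx
# Added example. Both server blocks belong inside the http { } context.
# Host names, IP addresses and file paths are placeholders.

# (a) Plain termination: TLS ends at the proxy and the back-end hop is
#     cleartext HTTP, relying on the internal network being trusted.
server {
    listen 443 ssl;
    server_name www.example.com;

    ssl_certificate     /etc/nginx/tls/www.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/www.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        # Unencrypted from here on: anything able to observe this network
        # segment sees full requests and responses, session data included.
        proxy_pass http://10.0.0.10:8080;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        # Tells the back end that the client-facing leg used HTTPS.
        proxy_set_header X-Forwarded-Proto https;
    }
}

# (b) Variant: encryption on the front end and on the back-end network too.
server {
    listen 443 ssl;
    server_name app.example.com;

    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://backend.internal.example:8443;
        # Upstream certificate verification is off by default in Nginx.
        # Without the next two directives the back-end hop is encrypted
        # but the proxy does not check which server it is talking to.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
        # Send SNI so the back end can select the matching certificate.
        proxy_ssl_server_name         on;
        proxy_set_header Host $host;
    }
}
```

In both cases the proxy holds the decrypted traffic in memory, which is the point at which an inspection device such as an intrusion detection system can be attached.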

Servers capable of acting as a TLS/SSL termination proxy

  • Apache HTTP Server
  • Caddy (web server)
  • Cloudflare's Flexible SSL[5]
  • Envoy (https://lyft.github.io/envoy/)[6]
  • Fortinet FortiGate, FortiWeb, FortiADC, FortiProxy
  • F5 Networks' BIG-IP LTM load balancers
  • HAProxy
  • Hiawatha (web server)
  • Hitch (https://hitch-tls.org/)
  • Nginx
  • Pound (networking)
  • Squid (software)
  • stunnel
  • Zorp firewall[7][8]
  • Internet Information Services

References

1. ^ "SSL Termination". F5 Networks. https://f5.com/glossary/ssl-termination
2. ^ "SSL Forward Proxy Overview". Juniper Networks. https://www.juniper.net/documentation/en_US/junos-space15.2/topics/concept/junos-space-ssl-forward-proxy-overview.html
3. ^ "SSL Forward Proxy". Palo Alto Networks. https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/decryption/ssl-forward-proxy
4. ^ "Overview: SSL forward proxy client and server authentication". F5 Networks. https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ssl-administration-11-6-0/13.html
5. ^ "What do the SSL options mean?". Cloudflare. https://support.cloudflare.com/hc/en-us/articles/200170416-What-do-the-SSL-options-mean-
6. ^ "How to configure TLS termination in Envoy". Lyft. https://lyft.github.io/envoy/docs/intro/arch_overview/ssl.html#tls
7. ^ "How to configure HTTPS proxying in Zorp 6". Balabit. https://www.balabit.com/sites/default/files/documents/zorp-latest-guides/en/zorp-gateway-tutorial-https/html-single/index.html#one-sided-https
8. ^ "Zorp Professional 6 Reference Guide". Balabit. https://www.balabit.com/sites/default/files/documents/zorp-latest-guides/en/zorp-gateway-guide-reference/html/understanding-encryption-policies.html