SSL Offloading 101: Definition, Processes & Objectives
SSL offloading involves using a dedicated server for all SSL encryption and decryption. Dealing with traffic in this way frees up your main server to handle all other tasks associated with serving your visitors.
What is SSL offloading?
More than 90 percent of internet traffic is encrypted. That scrambling (and unscrambling) of critical data requires processing. An SSL load balancer handles this task for you.
Let's begin by explaining SSL, or the Secure Sockets Layer. This protocol helps to keep internet traffic safe and secure. During an SSL handshake, a device and a server set up an encrypted connection. After that, messages come in scrambled, they must be decoded, and then the response is scrambled again.
An SSL load balancer handles these tasks. That could mean that your site loads faster, works better, or both.
Two main types of SSL offloading exist:
- SSL termination: Your SSL load balancer sits on the edge, and it grabs all incoming traffic. After decryption, the balancer passes the traffic on to the server unencrypted, so that internal hop is readable by anything able to observe the network between the two.
- SSL bridging: Your SSL load balancer sits on the edge and grabs all incoming traffic. After decryption, the balancer encrypts the traffic again and passes it to the server.
Should you use SSL offloading?
Few organizations want to make their computing systems yet more complex. But there are plenty of reasons to consider SSL offloading.
Known advantages include:
- Server preservation. When your main servers aren't forced to deal with encryption and decryption, they are freed up to serve your visitors.
- Traffic regulation. Some load-balancing systems allow you to scale back traffic as needed to avoid a crash.
- Added safety. Your extra server could catch malicious traffic the main server might miss or overlook.
In general, if you have a very large site that gets plenty of traffic, SSL offloading could make a lot of sense. Google, with its estimated 93 billion monthly visitors, likely relies on load balancing.
But if your site is very small and you can handle the traffic you have, adding complexity may not be useful for you.
If you do need SSL offloading, you'll route SSL requests to your designated device, and you'll tell it to forward that traffic to the proper server. You'll need a valid SSL certificate, of course.
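The two offloading types and the forwarding step described above, written as an nginx reverse-proxy configuration. This is an added example, not configuration from the original article; nginx is an assumed choice of load balancer, and every hostname, address and certificate path is a placeholder.

```nginx
# Added example; hostnames, addresses and file paths are placeholders.
# Both server blocks belong inside the http {} context of nginx.conf.
upstream app_plain { server 10.0.0.10:8080; }   # backend listening on HTTP
upstream app_tls   { server 10.0.0.10:8443; }   # backend listening on HTTPS

# SSL termination: decrypt at the edge, forward to the backend unencrypted.
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /etc/nginx/tls/www.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/www.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass http://app_plain;               # plaintext hop to the backend
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;  # backend cannot see the TLS layer itself
    }
}

# SSL bridging: decrypt at the edge, then open a new TLS session to the backend.
# proxy_ssl_verify defaults to off; without it the hop is encrypted but the
# backend's certificate is never checked.
server {
    listen 443 ssl;
    server_name secure.example.com;
    ssl_certificate     /etc/nginx/tls/secure.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/secure.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    location / {
        proxy_pass https://app_tls;                # re-encrypted hop to the backend
        proxy_ssl_verify              on;          # validate the backend certificate
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.crt;
        proxy_ssl_server_name         on;          # send SNI to the backend
        proxy_ssl_name                app.internal.example;  # name expected in backend cert
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}
```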
Looking for more ways to secure your traffic? We can help. Contact us at Okta for personalized recommendations.
References
HTTPS Encryption Traffic on the Internet Has Exceeded 90 Percent. (November 2019). InfoTech News.
The World's Top 50 Websites. (January 2021). Visual Capitalist.