{"id":7763,"date":"2018-10-25T16:42:04","date_gmt":"2018-10-25T20:42:04","guid":{"rendered":"https:\/\/www.thesslstore.com\/blog\/?p=7763"},"modified":"2024-05-20T16:25:18","modified_gmt":"2024-05-20T20:25:18","slug":"ssl-offloading-bridging-termination","status":"publish","type":"post","link":"https:\/\/www.thesslstore.com\/blog\/ssl-offloading-bridging-termination\/","title":{"rendered":"SSL Offloading: What is it? How does it work? What are the benefits?"},"content":{"rendered":"

What is SSL Offloading? Performing SSL at the Load Balancer level.<\/h2>\n

Today we\u2019re going to cover a question that comes up from time to time, and may seem especially foreign to people without an IT background: What is SSL offloading? We\u2019ll give a quick overview of what SSL offloading means, why you may want to do it and whether you should.<\/p>\n

One of the misnomers about SSL\/TLS and really with the way the internet works in general is that it\u2019s a 1:1 connection. A person\u2019s computer connects directly with a web server and communication goes directly from one to the other. In reality, it\u2019s far more complicated than that, with sometimes upwards of a dozen stops between end points.<\/p>\n

That\u2019s an important piece of information to keep in mind as we start getting into SSL offloading.<\/p>\n

So, what is SSL offloading and how does it work?<\/p>\n

Let\u2019s hash it out\u2026<\/span><\/p>\n

What is SSL offloading?<\/h2>\n

\"SSLBefore TLS 1.3<\/a>, even before TLS 1.2, frankly, SSL\/TLS used to legitimately add latency to connections. That\u2019s what lent itself to the perception that SSL\/TLS slowed down websites. Ten years ago, that was the knock on SSL certificates. \u201cOh they slow down your site.\u201d And that was true at the time.<\/p>\n

It\u2019s not today, but in the past SSL\/TLS was considered a bit resource hungry. For starters, you have the SSL\/TLS handshake. It\u2019s been refined to where it\u2019s now a single roundtrip in TLS 1.3<\/a>, but before that it took several roundtrips<\/a>. Then, following the handshake, additional processing power had to be exerted to encrypt and decrypt the data being transmitted<\/a>. As the additional load from SSL\/TLS increases on the server, it\u2019s no longer able to process at full capacity.<\/p>\n

Again, a lot of this has been cleaned up in TLS 1.3<\/a>, and HTTP\/2<\/a> – which requires the use of SSL\/TLS – helps to increase performance even more, but even with all of those improvements, SSL\/TLS can still add latency with higher volumes of traffic.<\/p>\n

So, what is SSL offloading? Well, to help offset the extra burden SSL\/TLS adds, you can spin up separate Application-Specific Integrated Circuit (ASIC) processers that are limited to just performing the functions required for SSL\/TLS, namely the handshake and the encryption\/decryption. This frees up processing power for the intended application or website. That\u2019s SSL offloading in a nutshell. Sometimes it\u2019s also called load balancing. You may hear the term load balancer tossed around. A load balancer is any device that helps improve the distribution of workloads across multiple resources, for instance distributing the SSL\/TLS workload to ASIC processors.<\/p>\n<\/span><\/span>\n

What are the advantages of SSL offloading?<\/h2>\n

\"SSLSSL offloading has several benefits:<\/p>\n