HP e-Commerce / XML director server appliance sa8250 - Users Guide

CHAPTER 2 SSL Fundamentals
The SA8250 places encryption processing on the network side, thus
eliminating the need for processing on the servers. The servers never
see any of the SSL connection dialogue or the encrypted data. This
removes a substantial processing load from the servers, allowing
improved response times and greater availability of system resources.
Basic SSL Operations
SA8250
1. Client connects to SA8250 with ClientHello (includes ciphers supported)
2. SA8250 responds with SSL ServerHello (includes selected cipher & session ID)
3. SA8250 sends certificate for server
4. Client sends ClientKeyExchange message; includes PK (session key)
5. SA8250 and client send ChangeCipherSpec message to indicate readiness
6. SA8250 and client send "finished" messages; includes hash of whole conversation
7. Encrypted data sent to SA8250, decrypted and forwarded to least busy server
8. Clear response sent to SA8250, encrypted and sent to client.
1. Client connects to server
2. Server responds with certificate
3. Client encrypts random key
4. Server generates working key
5. Session established
[Figure: Basic SSL Operations. Labels: Encrypted Traffic; Client; Server.]
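Added example, not from the HP guide: a Python sketch that labels the SSL record sequence of steps 1 to 7 as a passive monitor on the client side of the SA8250 would see it, showing that everything after ChangeCipherSpec is opaque there. The byte streams are constructed samples with dummy bodies, and the function names (`parse_records`, `label_flow`, `rec`, `hs`) are assumptions made for this illustration.

```python
import struct

# Record content types and handshake message types (SSL 3.0 / TLS 1.0-1.2).
CONTENT = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake", 23: "ApplicationData"}
HANDSHAKE = {1: "ClientHello", 2: "ServerHello", 11: "Certificate",
             14: "ServerHelloDone", 16: "ClientKeyExchange", 20: "Finished"}

def parse_records(stream):
    """Yield (content_type, payload) for each record in one direction's bytes."""
    off = 0
    while off < len(stream):
        if len(stream) - off < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, off)
        payload = stream[off + 5:off + 5 + length]
        if ctype not in CONTENT or len(payload) != length:
            raise ValueError("unknown content type or truncated record body")
        yield ctype, payload
        off += 5 + length

def label_flow(stream):
    """Name each message; records after ChangeCipherSpec are opaque ciphertext."""
    names, encrypted = [], False
    for ctype, payload in parse_records(stream):
        if ctype == 20:
            encrypted = True
            names.append("ChangeCipherSpec")
        elif encrypted:
            # The first encrypted Handshake record is the "finished" message.
            names.append(CONTENT[ctype] + " (encrypted)")
        elif ctype == 22:
            pos = 0
            while pos < len(payload):  # a record may hold several messages
                mlen = int.from_bytes(payload[pos + 1:pos + 4], "big")
                if pos + 4 + mlen > len(payload):
                    raise ValueError("handshake message spans records")
                names.append(HANDSHAKE.get(payload[pos], "handshake(%d)" % payload[pos]))
                pos += 4 + mlen
        else:
            names.append(CONTENT[ctype])
    return names

def rec(ctype, body):  # build one constructed record, version SSL 3.0
    return struct.pack("!BHH", ctype, 0x0300, len(body)) + body

def hs(mtype, body):  # build one constructed handshake message
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

# Constructed samples with dummy bodies, not captured traffic.
CLIENT = (rec(22, hs(1, b"\0" * 8)) + rec(22, hs(16, b"\0" * 4)) + rec(20, b"\x01")
          + rec(22, b"\xaa" * 16) + rec(23, b"\xbb" * 8))
SERVER = (rec(22, hs(2, b"\0" * 8) + hs(11, b"\0" * 6)) + rec(20, b"\x01")
          + rec(22, b"\xcc" * 16) + rec(23, b"\xdd" * 8))
```

`label_flow(CLIENT)` and `label_flow(SERVER)` return the message names for each direction; the same traffic between the SA8250 and the servers would not parse as records at all, because that leg is cleartext.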