Setting up SSL bridging, offloading or passthrough (2024)

In this document, we explain some of the different configurations available when setting up your Load Balancer, in terms of how the Load Balancer should deal with encrypted traffic. The three main configurations are:

  • SSL bridging: The Load Balancer decrypts incoming HTTPS traffic, and re-encrypts it when sending to the backend server.
  • SSL offloading (aka SSL termination): The Load Balancer decrypts incoming HTTPS traffic, and sends it to the backend server unencrypted.
  • SSL passthrough: The Load Balancer does not decrypt incoming HTTPS traffic, and sends it to the backend server ‘as is’.

Read on to find out how to configure your Scaleway Load Balancer for any of these modes.

Configuring a Load Balancer for SSL bridging

SSL bridging allows the user to initiate a secure, encrypted connection with the Load Balancer thanks to the Load Balancer frontend’s SSL certificate. The Load Balancer decrypts incoming HTTPS traffic. This allows the Load Balancer to carry out layer 7 actions on the received traffic. The Load Balancer’s backend then initiates a new encrypted connection to re-encrypt traffic between the Load Balancer and the backend server, this time using the backend server’s certificate.

To configure your Load Balancer for SSL bridging:

  • The frontend must have a certificate.
  • The frontend must be linked to a backend which has TLS activated.
  • The backend server should have its own certificate.

Configuring a Load Balancer for SSL offloading

SSL offloading, also known as SSL termination, allows the user to initiate a secure connection with the Load Balancer thanks to the Load Balancer frontend’s SSL certificate. The Load Balancer decrypts incoming HTTPS traffic. Layer 7 actions may therefore be applied to the traffic at this stage. Traffic is not re-encrypted on its way from the Load Balancer to the backend server, unlike with SSL bridging. Traffic that has gone through the offloading process is marked with a new header, called X-Forwarded-Proto, which informs the backend server that the client used HTTPS to contact the Load Balancer.

To configure your Load Balancer for SSL offloading:

  • The frontend must have a certificate.
  • The frontend must be linked to a backend which uses HTTP protocol.
  • The backend server does not need its own certificate.

If you want to configure your Load Balancer for SSL offloading using the API, see our dedicated guide. If you have a Kubernetes Load Balancer configured for SSL offloading and are having SSL certificate issues, see our troubleshooting section.
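The X-Forwarded-Proto header described above is an ordinary request header, so a backend behind an offloading Load Balancer should honour it only on connections that arrive from the Load Balancer. The following is an added example, not Scaleway code, showing that check on the backend side. The network range, canonical host name, cookie value and function names are assumptions made for illustration.

```python
import ipaddress

# Assumption: the private network the Load Balancer connects from (constructed value).
TRUSTED_LB_NETS = [ipaddress.ip_network("10.0.0.0/24")]
# Assumption: the site's public host name, configured rather than read from the request.
CANONICAL_HOST = "app.example.test"


def peer_is_load_balancer(peer_ip):
    """True when the TCP peer address belongs to a trusted Load Balancer network."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in net for net in TRUSTED_LB_NETS)


def effective_scheme(peer_ip, headers):
    """Return the scheme the client used, as far as the backend can safely tell.

    With offloading the backend socket is always plain HTTP, so the header is
    the only signal. It is honoured only when the peer is the Load Balancer,
    because a client reaching the backend directly can send any value.
    """
    if not peer_is_load_balancer(peer_ip):
        return "http"
    lowered = {name.lower(): value for name, value in headers.items()}
    value = lowered.get("x-forwarded-proto", "").strip().lower()
    # Anything other than a single "https" (missing, a list, junk) counts as HTTP.
    return "https" if value == "https" else "http"


def respond(peer_ip, headers, path="/"):
    """Hypothetical handler: redirect plain-HTTP clients, else issue a Secure cookie."""
    if effective_scheme(peer_ip, headers) != "https":
        return 301, {"Location": f"https://{CANONICAL_HOST}{path}"}
    return 200, {"Set-Cookie": "session=constructed; Secure; HttpOnly; SameSite=Lax"}
```

Restricting the backend's firewall or security group so that only the Load Balancer can connect removes the direct path altogether; the check above then acts as a second layer.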

Configuring a Load Balancer for SSL passthrough

Passthrough is the simplest way to handle encrypted traffic on a Load Balancer. As the name suggests, traffic is simply passed through the Load Balancer without being decrypted on it. Whilst this option generates very low overhead, no layer 7 actions can be carried out. This means that no cookie-based sticky sessions are possible with this method. In addition, if an application does not share sessions between servers, users’ sessions may get lost by being redirected to different servers of the group.

To configure your Load Balancer for SSL passthrough:

  • The frontend does not need a certificate and can listen on any port.
  • The frontend must be linked to a backend which uses TCP protocol, and the TLS toggle should be disabled in the backend configuration.
  • The backend server must listen with its HTTP server process on the same port as configured for the backend.
  • The backend server must have its own certificate.

FAQs

What is the difference between SSL passthrough and SSL bridging?

SSL passthrough forwards encrypted traffic directly to the backend servers, which can improve security and support end-to-end encryption. SSL bridging decrypts SSL traffic at the load balancer, allows for monitoring and analysis of traffic, and re-encrypts the traffic before forwarding it to the backend servers.

What is the difference between SSL offload and passthrough?

SSL offloading (aka SSL termination): The Load Balancer decrypts incoming HTTPS traffic, and sends it to the backend server unencrypted. SSL passthrough: The Load Balancer does not decrypt incoming HTTPS traffic, and sends it to the backend server 'as is'.

Do I need SSL offloading?

Benefits of SSL Offloading

This results in smooth loading of the website and faster processing of requests at the end of the web application. It may also aid in HTTPS inspection, reverse proxy, traffic control, persistence of cookies, etc., depending on what kind of SSL load balancer you have installed at your end.

How to set up SSL offloading?

To configure SSL offloading:
  1. Navigate to App_Config\Include\Examples folder.
  2. Remove the .example extension from Sitecore.LoadBalancing.config.example.
  3. Change the settings in Sitecore.LoadBalancing.config according to your load balancer's settings.
  4. Repeat steps 1-3 on all instances behind the load balancer.

What is the difference between bridge and passthrough?

Bridge mode is commonly used to extend network coverage without creating separate subnets. Passthrough mode is often used when customers want to have their own router or firewall device and bypass the one provided by their ISP.

Is SSL passthrough secure?

SSL passthrough process is a secure data transfer process since encrypted data is transferred between the load balancer and the server. It is good for crucial web applications and other data.

What is the difference between offload and pass?

The attacking player who receives the offload is either tackled before they reach the gain-line or they reach the gain-line but are then moved behind it by the defensive team (Biscombe and Drewett, 2010). A forward pass occurs when the attacking player performing the offload passes the ball forward to a team-member.

What is SSL offloading and its benefits?

SSL offloading is the process of removing the SSL-based encryption from incoming traffic to relieve a web server of the processing burden of decrypting and/or encrypting traffic sent via SSL. The processing is offloaded to a separate device designed specifically for SSL acceleration or SSL termination.

What is an SSL bridge?

SSL bridging is a process where a device, usually located at the edge of a network, decrypts SSL traffic and then re-encrypts it before sending it on to the Web server.

Is SSL obsolete?

SSL (Secure Sockets Layer) is a historical and obsolete cryptographic protocol that was initially designed by Netscape to protect communications over the internet.

What happens if I turn off SSL?

Disabling SSL can create a security exposure where a malicious user within the network can attack the system.

Why is SSL bypass needed?

The SSL Decryption Bypass option enables you to define specific websites that are not subject to decryption as they flow through the proxy. Some websites may include personal identification information that should not be decrypted.

What is the difference between SSL termination and offload?

SSL Offloading, also known as SSL termination or SSL decryption, is a technique where SSL traffic is decrypted at the load balancer and then forwarded to the backend servers as unencrypted HTTP traffic.

What is the difference between SSL decryption and SSL offloading?

SSL encoding ensures user communications are secure. The encryption and decryption of SSL are CPU intensive and can put a strain on server resources. In order to balance the compute demands of SSL encryption and decryption of traffic sent via SSL connections, SSL offloading moves that processing to a dedicated server.

What is the difference between SSL and TLS?

However, SSL is an older technology that contains some security flaws. Transport Layer Security (TLS) is the upgraded version of SSL that fixes existing SSL vulnerabilities. TLS authenticates more efficiently and continues to support encrypted communication channels.

What is the difference between routed and bridged mode?

In this mode, the router primarily focuses on forwarding network traffic within the same network segment rather than routing it between different networks. In bridge mode, the router acts as a bridge or a link between devices within the same network, allowing them to communicate directly.

What is the difference between SSL OV and SSL EV?

OV SSL Certificates. EV certificates provide more security and a higher level of trust, but OV certificates are simpler to attain. An EV code signing certificate is required to sign Windows 10 drivers.

What is the difference between routing and bridging?

Routers and bridges differ in several ways. First, routers can connect different networks, while bridges can only connect segments of the same network. Second, routers use logical addresses, while bridges use physical addresses. Third, routers can handle different network protocols, while bridges can only handle one.

Article information

Author: Horacio Brakus JD
