SSL/TLS Termination

by Bethany Hill on Security • November 19, 2020

Many internet and file sharing protocols, such as HTTPS, FTPS, SMTPS, POP3S and more, rely on SSL/TLS for encryption.

SSL traffic is protected by a security certificate (SSL Certificate) used to verify the identity of the target host/service and encrypt the traffic.

SSL Termination, also known as “SSL Offloading”, is the process of decrypting SSL-encrypted traffic. Decryption is CPU intensive and can impact your application’s performance due to the additional processing required.

Fortunately, modern load balancers are capable of terminating SSL traffic, reducing the burden on your backend application services so that their resources are used to execute the application’s business logic (e.g. rendering a web page for a user). Terminating SSL traffic at the load balancer allows you to centralize SSL certificate management and renewal, and to accelerate the load times of web pages by caching frequently accessed pages and images. For distributed applications comprising multiple instances, terminating SSL traffic centrally can also be used for traffic inspection, to identify and block security threats using a web application firewall.
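
The arrangement described above, sketched as an added configuration example that is not from the original article. It assumes nginx as the load balancer (the article names no product), and the hostname, backend addresses and certificate paths are placeholders.

```nginx
# Added example: TLS is terminated at the load balancer and requests are
# forwarded to the backends as plain HTTP. These blocks belong inside the
# http { } context. All names, addresses and paths are placeholders.

upstream app_backends {
    server 10.0.0.11:8080;   # backend instances on a private network
    server 10.0.0.12:8080;
}

server {
    listen 443 ssl;
    server_name app.example.com;

    # The certificate and private key live only on the load balancer,
    # so issuance and renewal happen in one place.
    ssl_certificate     /etc/nginx/tls/app.example.com.crt;
    ssl_certificate_key /etc/nginx/tls/app.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;

    # Session reuse avoids repeating the full handshake for returning clients.
    ssl_session_cache   shared:TLS:10m;
    ssl_session_timeout 10m;

    location / {
        # Traffic is decrypted here; the backends never perform TLS work.
        proxy_pass http://app_backends;

        # Pass the original host, client address and scheme to the backend,
        # which otherwise only sees a plain HTTP request from the proxy.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Redirect plain HTTP clients to the TLS listener.
server {
    listen 80;
    server_name app.example.com;
    return 301 https://$host$request_uri;
}
```

With this layout the hop between the load balancer and the backends is unencrypted, so the backends should be reachable only over a private network segment and should accept the `X-Forwarded-*` headers only from the load balancer.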