You do realise it's simply not possible for ISPs to screw with SSL traffic? That's the whole point of this. These products aren't used for Internet connections. They're used for either dedicated WAN links or for VPN links.

Say you have an office out in Timbuktu and a head office. You put one of these on/instead of the gateway router at the head office, and another at the same gateway at the branch (just inside your network) so all your traffic is going through them. (And these devices are designed to help get the best out of that private frame relay link you've got as well as VPNs.)

What do they do? They automatically cache repeated TCP traffic patterns against all traffic sent to and from the head office. (Basically a matched pair - when one end sends a particular packet the pair of devices has seen before, just the reference to that pattern is sent. Yes, they have to keep in sync and all that.) Transparent caching of all internal web browsing. Transparent caching of file share traffic. (Imagine if you send the same 100 kb Word attachment to every end user. Now imagine it only gets sent once, without any software seeing anything but normal, ordinary IMAP.) It just recognises patterns in the TCP traffic, not caring what those patterns actually represent. (Lower latency too - because that 100 kb Word doc comes out of cache rather than across the line.)

Each SSL session is unique - the data patterns are low entropy, nearly random noise, from the point of view of these devices. The patterns are never repeated, and thus you don't get to cache anything.

You DO have the option, of course, of doing a man-in-the-middle attack, where you decrypt the traffic on the device, subject that to caching, and re-encrypt it once it leaves the other matched device (presumably the WAN-accelerator-to-WAN-accelerator link is also encrypted). BUT ISPs cannot do this. To pull off that M-i-t-m, they have two ways: screw around with your SSL system's root certificates. Corporates can do this, just deploy their own "trusted" CA. Or have the private keys for the destination server loaded into the device.