ACE SSL Offload Advantage on End to End SSL

wshuffman · ‎05-21-2012

Is there any advantages to doing SSL termination on ACE if you are doing End to End SSL? It seems as thought it's just another place to manage certs, when you could just pass the port 443 traffic to the server and let it do the SSL decription/encryption.

ciscocsoc · ‎05-21-2012

Hi,

If you terminate on the ACE before re-encrypting you have an opportunity to look at the underlying plaintext and make decisions (e.g. cookie values).

HTH

Cathy

zhenningx · ‎05-21-2012

If you have multiple servers behind ace, you do not need to install multiple carts on each server.

Sent from Cisco Technical Support iPad App

Surya ARBY · ‎05-21-2012

centralized point of management of your certs
performances (hardware-based)
you can use strong ciphers on the client side and weaker ciphers on the server sides, reducing the load on the servers
use of SSL Reuse combined to TCP offload

There are some whitepapers available on cisco.com on this topic.

ACE SSL Offload Advantage on End to End SSL

Expressway - End-of-Life(EoL) とEnd-of-Sale(EoS) 情報

Umbrella: ローミングクライアントの EoL (End-of-Life) について

CUCM - End-of-Life(EoL) と End-of-Sale(EoS) 情報

ACE: SSL の基本設定

Room シリーズ端末 End-of-Life(EoL) とEnd-of-Sale(EoS) 情報