{{Short description|Proxy server acting as an intermediary between client and server}} [[File:SSL termination proxy.svg|thumb|Incoming HTTPS traffic gets decrypted and forwarded to a web service in the private network.|480px]] A '''TLS termination proxy''' (or '''SSL termination proxy''',<ref>{{Cite web |title=What is SSL Termination? |url=https://www.f5.com/glossary/ssl-termination |url-status=live |archive-url=https://web.archive.org/web/20240608073948/https://www.f5.com/glossary/ssl-termination |archive-date=2024-06-08 |access-date=2024-06-08 |publisher=F5 Networks |language=en-US}}</ref> or '''SSL offloading'''<ref>{{Cite web |title=Setup IIS with URL Rewrite as a reverse proxy |date=25 August 2016 |url=https://docs.microsoft.com/fr-fr/archive/blogs/friis/setup-iis-with-url-rewrite-as-a-reverse-proxy-for-real-world-apps |publisher=Microsoft |access-date=8 June 2024 |archive-date=15 August 2022 |archive-url=https://web.archive.org/web/20220815002534/https://docs.microsoft.com/fr-fr/archive/blogs/friis/setup-iis-with-url-rewrite-as-a-reverse-proxy-for-real-world-apps |url-status=live}}</ref>) is a [[proxy server]] that acts as an [[intermediary]] point between [[Client (computing)|client]] and [[Server (computing)|server]] applications. It is used to terminate and/or establish [[Transport Layer Security|TLS]] (or [[Datagram Transport Layer Security|DTLS]]) [[Tunneling protocol|tunnels]] by decrypting and/or encrypting communications. This differs from '''TLS pass-through proxies''', which forward encrypted (D)TLS traffic between clients and servers without terminating the tunnel.
==Uses==
TLS termination proxies can be used to: * secure [[plaintext]] communications over untrusted networks by tunnelling them in (D)TLS, * allow inspection of encrypted traffic by an [[intrusion detection system]] to detect and block malicious activities, * allow [[Computer and network surveillance|network surveillance]] and analysis of encrypted traffic, * enable otherwise unsupported integration with other applications that provide additional capabilities such as [[Content-control software|content filtering]] or [[Hardware security module]]s, * enable (D)TLS protocol versions, extensions, or capabilities (e.g., [[OCSP stapling]], [[Application-Layer Protocol Negotiation|ALPN]], [[DNS-based Authentication of Named Entities|DANE]], [[Certificate Transparency|CT]] validation, etc.) unsupported by client or server applications to enhance their compatibility and/or security, * work around buggy or insecure (D)TLS implementations in client or server applications to improve their compatibility and/or security, * provide additional [[Transport Layer Security#Client-authenticated TLS handshake|certificate-based authentication]] unsupported by server and/or client applications or protocols, * provide an additional [[Defense in depth (computing)|defense-in-depth]] layer for centralised control and consistent management of (D)TLS configuration and associated security policies, and * reduce the [[Load (computing)|load]] on the main servers by [[Computation offloading|offloading]] the cryptographic processing to another machine.
==Types==
TLS termination proxies can provide three connectivity patterns:<ref>{{Cite web |title=Infrastructure Layouts Involving TLS |url=https://www.haproxy.com/documentation/hapee/latest/deployment-guides/tls-infrastructure/ |publisher=HAProxy Technologies}}</ref> * '''TLS Offloading''': Terminates an inbound encrypted (D)TLS connection from a client and forwards communications over a plaintext connection to the server. * '''TLS Encryption''': Accepts an inbound plaintext connection from a client and forwards communications over an encrypted (D)TLS connection to the server. * '''TLS Bridging''': Terminates two encrypted (D)TLS connections to allow inspection and filtering of traffic. The proxy decrypts the inbound (D)TLS connection from the client and re-encrypts it using a separate (D)TLS connection to the server.
Combining a TLS Encrypting proxy in front of a client with a TLS Offloading proxy in front of a server can allow (D)TLS encryption and authentication for protocols and applications that do not otherwise support it, with the two proxies maintaining a secure (D)TLS tunnel over untrusted network segments between client and server.
A proxy used by clients as an intermediary gateway for all outbound connections is typically called a [[Forward proxy]], while a proxy used by servers as an intermediary gateway for all inbound connections is typically called a [[Reverse proxy]]. Forward TLS bridging proxies that allow an [[intrusion detection system]] to analyse all client traffic are typically marketed as "SSL Forward Proxy".<ref>{{Cite web |date=2023-10-16 |title=SSL Forward Proxy Overview |url=https://www.juniper.net/documentation/us/en/software/nm-apps23.1/junos-space-security-director/topics/concept/junos-space-ssl-forward-proxy-overview.html |url-status=live |archive-url=https://web.archive.org/web/20240608073611/https://www.juniper.net/documentation/us/en/software/nm-apps23.1/junos-space-security-director/topics/concept/junos-space-ssl-forward-proxy-overview.html |archive-date=2024-06-08 |access-date=2024-06-08 |publisher=[[Juniper Networks]]}}</ref><ref>{{Cite web |title=SSL Forward Proxy |url=https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/decryption/ssl-forward-proxy |publisher=Palo Alto Networks |access-date=2017-11-24 |archive-date=2017-12-01 |archive-url=https://web.archive.org/web/20171201081116/https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/decryption/ssl-forward-proxy |url-status=dead}}</ref><ref>{{Cite web |title=Overview: SSL forward proxy client and server authentication |url=https://support.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ssl-administration-11-6-0/13.html |publisher=F5 Networks |access-date=2017-11-24 |archive-date=2024-06-08 |archive-url=https://web.archive.org/web/20240608073110/https://techdocs.f5.com/kb/en-us/products/big-ip_ltm/manuals/product/bigip-ssl-administration-11-6-0/13.html |url-status=live}}</ref>
TLS Offloading and TLS Bridging proxies typically need to authenticate themselves to clients with a digital certificate using either [[X.509|PKIX]] or DANE authentication. Usually, the server operator supplies its reverse proxy with a valid certificate for use during the (D)TLS handshake with clients. A forward proxy operator, however, must create their own private [[Certificate authority|CA]], install it into the trust store of all clients, and have the proxy generate a new certificate signed by the private CA in real time for each server that a client attempts to connect to.
When network traffic between a client and server is routed via a proxy, it can operate in [[Proxy server#Transparent proxy|transparent]] mode by using the client's [[IP address]] instead of its own when connecting to the server, and using the server's IP address when responding to the client. If a '''Transparent TLS Bridging Proxy''' possesses a valid server certificate, neither the client nor the server would be able to detect the proxy's presence. An adversary who has compromised the private key of the server's digital certificate, or who can use a compromised or coerced PKIX CA to issue a new valid certificate for the server, could perform a [[man-in-the-middle attack]] by routing TLS traffic between the client and server through a Transparent TLS Bridging Proxy. This would grant the adversary the ability to copy decrypted communications (including logon credentials) and modify the content of communications on the fly without detection.
==See also== * [[TLS acceleration]]
==References== {{reflist}}
[[Category:Transport Layer Security]]