[TLS] TLS load balancer
Hi,
It seems to me that a TLS load balancer would first examine the client hello
for the session ID so it can forward the connection to the appropriate TLS
server that has this session in its cache (is this a deployment that is only
seen in practice?).
Then it would, I think, examine the TCP/IP parameters of the client and the
server to forward the follow-on TCP packets that underlie the connection.
The question arises of how the non-decrypting TLS load balancer would know
when the connection ended (I recall that the close alerts are encrypted) so
it can release its own resources allocated for the connection.
What is the size of the most probable TCP packet data portion compared with
the 2^14 bytes (maximum as in TLSPlaintext.fragment)? Or are the
implementers encouraged to send one packet per fragment?
What about the https 1.1 "keep alive" option? Does this mean that the connection
will stay alive until "keep alive" or the session lifetime expires? And how
would this affect a TLS load balancer?
_______________________________________________
TLS mailing list
TLS@xxxxxxxxxxxxxx
https://www1.ietf.org/mailman/listinfo/tls
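
The first step described in the message, reading the session ID from the client hello without decrypting anything, sketched as an added example that is not part of the original post. The names extract_session_id, pick_backend, session_table and build_client_hello are hypothetical, and the sketch assumes the whole ClientHello arrives in a single TLS record.

```python
import struct

class ClientHelloError(ValueError):
    """The bytes are not a complete ClientHello in a single TLS record."""

def extract_session_id(record: bytes) -> bytes:
    """Return ClientHello.session_id (possibly empty) from one TLS record."""
    if len(record) < 5:
        raise ClientHelloError("short record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != 22:                      # ContentType handshake
        raise ClientHelloError("not a handshake record")
    if rec_len > 2**14 or len(record) < 5 + rec_len:
        raise ClientHelloError("oversized or truncated record")
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 1:    # HandshakeType client_hello
        raise ClientHelloError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) < hs_len:
        raise ClientHelloError("ClientHello continues in another record")
    # client_version (2 bytes) and random (32 bytes) precede the length byte.
    if len(hello) < 35:
        raise ClientHelloError("ClientHello too short")
    sid_len = hello[34]
    if sid_len > 32 or len(hello) < 35 + sid_len:
        raise ClientHelloError("bad session_id length")
    return hello[35:35 + sid_len]

def pick_backend(record: bytes, session_table: dict, default: str) -> str:
    """Route to the server that cached this session, else to `default`.

    session_table is hypothetical: the balancer would fill it from the
    session_id each server returns in its (unencrypted) ServerHello.
    """
    sid = extract_session_id(record)
    return session_table.get(sid, default) if sid else default

def build_client_hello(session_id: bytes) -> bytes:
    """Constructed sample input: a minimal TLS 1.0 ClientHello record."""
    hello = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
             + b"\x00\x02\x00\x2f" + b"\x01\x00")
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake
```

The session ID is client-supplied and unauthenticated at this point, so the parser bounds-checks every length field and the lookup falls back to a default server for empty or unknown IDs.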