Product Documentation

SSL Compression

May 23, 2013

CloudBridge SSL compression applies multisession compression to SSL connections (for example, HTTPS traffic), providing compression ratios of up to 10,000:1.

Note: SSL compression requires a secure peering (signaling) connection between the two appliances at the ends of the accelerated link.

Encryption is maintained from end to end by splitting the connection into three encrypted segments: client to client-side appliance, client-side appliance to server-side appliance, and server-side appliance to server.

Figure 1. SSL Compression

Caution: SSL Compression decrypts the encrypted data stream and, unless the User Data Encryption option is used, the compression histories of both acceleration units retain clear-text records of the decrypted data. Verify that your deployment and settings are consistent with your organization's security policies. Citrix recommends that you enable encryption of the compression history on each unit when you configure the secure peering signaling connection required for SSL acceleration.
Note: When you enable SSL compression, the appliance stops attempting compression with other appliances with which it does not have a secure peer relationship (whether CloudBridge, CloudBridge, or CloudBridge Plug-in). This feature is thus best-suited for networks where all appliances are configured for SSL compression.
Note: With SSL compression enabled, you must manually type in the Key Store password each time the appliance is restarted.