
When should SSL Termination take place?

Updated: Dec 1, 2020

What is SSL termination?

SSL termination is the point where a TLS/SSL-encrypted request is decrypted and handled as clear text from there on.

Why terminate?

The first thought would be that termination should take place at the server handling the request, but this becomes problematic beyond the most basic solutions. The resource cost of establishing an SSL session is not trivial; under high load it can limit the scalability of the application servers. DDoS attacks target this handshake cost to produce service outages. State management and routing functions are also limited while traffic is still encrypted, making it difficult to manage scalability.


So When?

When to terminate SSL/TLS can often become contentious in enterprises; various groups will have opinions and best practices or "requirements," but the reality is that you need to be pragmatic in your decision. Termination should occur at the point needed to make the solution maintainable, effective, and secure.



What factors contribute to deciding where to terminate the encryption?


  1. What is being protected?

  2. What is it being protected against?

  3. Is the environment trusted?

  4. Is upstream inspection required?

  5. Will not terminating encryption create resource contention on my application servers?

  6. How many SSL/TLS resource endpoints need to be managed?

  7. Do all of the backend services need to be encrypted?


While the needs of public (internet) applications and those that live behind a corporate firewall are not the same, all of the questions are still relevant.


If you answered no to the question "Is the environment trusted?", you may want to put on the brakes. If your IT processes and practices are not up to the standard needed to protect the unencrypted information, where to terminate TLS is not the question you need to be asking.


For any non-trivial application, consider SSL bridging as a good starting point. Bridging allows for easier management, inspection-based load balancing, and in-network encryption. The load balancer can be configured to absorb SSL DDoS, using long-chain, short-lived certificates on the public side, while the internal traffic can run smaller short-chain certificates to reduce resource utilization.
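As an added example (not from the original post), here is what that bridging layout looks like as an nginx load balancer configuration: the public edge terminates TLS with the full-chain certificate, the request is routed in clear text inside the proxy, and the hop to the backend is re-encrypted and verified against an internal CA. All hostnames, file paths and the internal CA are assumed placeholders.

```nginx
# Added example: SSL bridging on an nginx load balancer (placeholder names).
upstream app_backend {
    # Internal application servers; each presents a short-chain certificate
    # issued by the internal CA, so the re-encryption is cheaper than the
    # public-facing handshake.
    server app1.internal.example:8443;
    server app2.internal.example:8443;
}

server {
    listen 443 ssl;
    server_name www.example.com;

    # Public edge: full chain, short-lived certificate, modern protocols only.
    ssl_certificate     /etc/nginx/tls/www.example.com.fullchain.pem;
    ssl_certificate_key /etc/nginx/tls/www.example.com.key;
    ssl_protocols       TLSv1.2 TLSv1.3;
    ssl_session_cache   shared:SSL:10m;   # reuse sessions to cut handshake cost
    ssl_session_timeout 10m;

    location / {
        # Traffic is clear text at this hop: routing and inspection happen here.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;

        # Re-encrypt toward the backend (bridging) and verify its certificate
        # against the internal CA so the internal hop cannot be silently
        # downgraded to an unverified connection.
        proxy_pass                    https://app_backend;
        proxy_ssl_protocols           TLSv1.2 TLSv1.3;
        proxy_ssl_trusted_certificate /etc/nginx/tls/internal-ca.pem;
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;
        proxy_ssl_server_name         on;
        proxy_ssl_name                app.internal.example;
        proxy_ssl_session_reuse       on;
    }
}
```

Changing `proxy_pass` to `http://app_backend` and dropping the `proxy_ssl_*` lines turns the same configuration into plain edge termination, which is only appropriate once the "Is the environment trusted?" question above has been answered yes.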
