2017-01-27

SSL Inspection for HTTPS

CacheGuard Web Gateway appliance embeds an SSL inspection facility.

CacheGuard SSL InspectionSSL Inspection & Offloading - CacheGuard Web Security

SSL Inspection (mediation) allows to increase the security of the Web traffic and optimize the network bandwidth usage.

Today the more popular websites like YouTube and FaceBook replaced HTTP by HTTPS, making it impossible to inspect and/or cache the content of the traffic that they generate. That’s why CacheGuard features a facility that allows to inspect HTTPS traffic in order to block encrypted malicious objects. In addition it becomes possible to cache the content of bandwidth consuming websites such as YouTube which uses HTTPS.

To do so CacheGuard use an SSL inspection module that decrypt, inspect and/or cache and then re-encrypt the HTTPS traffic before routing it to users. The SSL Inspection feature is integrated into the CacheGuard Web Proxy.

The usage of OpenSSL

CacheGuard uses a stable and up to date version of OpenSSL library to manage HTTPS and other SSL/TLS based traffic.The SSL options and ciphers are adequately chosen in CacheGuard to provide the highest security level for HTTPS traffic, thereby allowing you to concentrate on your core business and do not worry about SSL weaknesses.

As all other tools and library used by CacheGuard as well as specific programs written for CacheGuard, OpenSSL is Open Source. The source code transparency, especially for security tools is a guarantee that a program does not contain any backdoor or security hole that can’t be revealed one day and be fixed.

At CacheGuard Technologies Ltd. we are convinced that it’s much safer to trust Open Source programs compared to closed or opaque technologies in which nobody (except the editor) has any real idea about how related programs could be.

Integrated mini PKI

To make the SSL mediation work CacheGuard uses a CA certificate that should be imported to the end-user Web browser prior any attempts to access an HTTPS website. To deal with CA certificates CacheGuard embeds a mini PKI that allows you to generate private keys and associated CA certificates. This way, configuring the SSL mediation become straightforward and highly secured.

Learn more about the SSL Inspection in the User’s Guide.