Cloudmersive Forward Proxy SSL Bumping
9/15/2022 - Cloudmersive Support
SSL bumping is a process by which SSL-encrypted traffic is decrypted and processed by the proxy server, then re-encrypted with a different certificate that the client trusts (e.g. a web browser, via a root certificate) and sent back to the client.
For instance, suppose a user wishes to access
SSL bumping replaces this process with the following: when the request is sent to the proxy server, the proxy opens an SSL connection with a self-signed certificate that is trusted by the browser. The proxy can decrypt the incoming request and therefore sees its entire contents, and the browser allows this because it trusts the certificate sent back by the proxy server. The forward proxy server then does any needed processing of the request, sends it on to the upstream server as a normal HTTPS request, and retrieves the response. When the response is received, it is processed and then re-encrypted using the self-signed certificate trusted by the browser. The browser accepts this response and displays it on the screen.
Note the key requirement for this process to work: the browser or client OS must have the relevant self-signed root certificate installed as a trusted certificate authority, both to allow SSL bumping to function and to provide the needed security.