Supporting SSL tunneling imposes significant overhead on client/server transactions. To minimize the impact of this overhead, OpenEdge uses SSL tunneling between the client and either the AppServer agent or the AppServer broker, but not both, according to the operating mode in which the AppServer runs:
Session-managed — For the session-managed modes (state-reset and state-aware), the client first connects to the broker and then makes an SSL connection to the AppServer agent. Because the initial client-broker connection does not carry customer-level information, SSL tunneling is not necessary for it.
Session-free — For the session-free modes (stateless and state-free), the client makes an SSL connection to the AppServer broker, which is the single primary server connection. SSL tunneling is not necessary for the transmission of data between the broker and the AppServer agent, because this connection is local to a single system and therefore is not exposed to the network.