SSL connection handling for brokers and agents of an SSL-enabled AppServer
When you configure an SSL-enabled AppServer, the AppServer broker and its agents use SSL-enabled server sockets depending on the AppServer operating mode, as shown in the following table.
Table 13. Processes using SSL server sockets for an SSL-enabled AppServer
| For this AppServer operating mode ... | SSL server sockets are used for the ... |
|---|---|
| State-reset | AppServer broker and agents |
| State-aware | AppServer broker and agents |
| Stateless | AppServer broker only |
| State-free | AppServer broker only |
Thus, for state-reset and state-aware modes, the AppServer broker accepts an initial SSL connection from the SSL client, then disconnects and assigns that client an SSL connection to an available AppServer agent. Because these connections are sequential, encryption overhead is essentially reduced to a single connection per SSL client-server exchange, even though the client connects to both the broker and agent. The only additional overhead is the brief exchange between the broker and agent to locate and hand off the agent connection to the client.
For stateless and state-free operating modes, the client is always connected to, and exchanges all network communications with, the AppServer broker, limiting encryption overhead to this single connection. All communications between the broker and agents occur on the same system, with no data broadcast on the network where it can be intercepted. Therefore, communications between the broker and agents are in clear text, eliminating any needless encryption overhead between them.