What is the difference between the SSL Access and Web Access Layers?

book

Article ID: 167301

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

 What is the difference between Web Access and SSL Access Layers in the context of blocking \ allowing HTTPS sites?

Resolution

These two layers present actions based on different stages of an HTTPS transaction.

The SSL Access Layer can allow or deny sites based on the information within the SSL certificate presented by the OCS. Checks can be done on the hostname, validity, date, and other information contained within a certificate. No real SSL interception is done, the certificate is not encrypted, and the information contained within is public.

The Web Access Layer allows or denies HTTPS sites after a certificate has been accepted and the SSL connection has been intercepted. The Web Access Layer bases its decisions on the content within the website, which is usually encrypted. Hence, to effectively block HTTPS sites in this manner, SSL interception must be enabled for the site in question.