Load balancers and Application Delivery Controllers (ADCs) use OpenSSL as their core component for SSL processing. With OpenSSL Heartbleed, a 2-year-long, unprotected exposure recently discovered in all load balancers, SSL processing in ADCs is no longer a viable option for security-minded companies. A dedicated SSL processing layer is necessary. HTTPS and FTPS traffic can be load balanced using classic load balancers; however, SSL termination and initiation should only be handled by a dedicated, OpenSSL-free SSL proxy such as Forum Sentry.
Unlike Application Delivery Controllers (ADCs), which have evolved from their core speeds-and-feeds traffic management functions to add SSL processing via a bolt-on OpenSSL library, Forum Sentry is built without OpenSSL and with a security-first vision. Corporations can no longer afford to use vulnerable products for SSL processing that are assembled with a bolt-on mindset.
Public-private key generation, certificate enrollment, key revocation, and certificate revocation list (CRL) updates are crucial PKI management functions for keeping SSL processing secure. Using a dedicated security device that does not use OpenSSL for any security functions is crucial for maintaining a strong security posture. Forum Sentry provides extensive, OpenSSL-free PKI management for enterprise-class security.
Not all cryptographic operations are created equal. Forum Sentry provides granular control and choice of cryptographic algorithms for SSL termination and initiation. Your organization can choose which cipher suites to use and which ones to turn off.