We have a product where we have a proxy which allows connections to agents from clients. The client, proxy and agent are all part of our code and not third party. The client and agent code is in C, while the proxy code that listens for client requests is in Java, and the proxy code that connects to the agent is in C and uses JNI to copy data coming from the client meant for the agent and data coming from the agent meant for the client. All communication happens over SSL. So essentially it works like the following:
1. The client authenticates itself with the proxy using SSL.
2. The client sends an encrypted request for the agent to the proxy on the SSL connection created in step 1.
3. The proxy decrypts the request (this is in Java code) and sends it to the agent by establishing another SSL connection with the agent (this is in C code). Since two SSL connections exist, decryption and encryption happen on the proxy for each such request.
4. The agent sends a response, which is again decrypted first at the proxy for the connection created in step 3 (this is in C code) and encrypted to be sent to the client (this is in Java code). We poll using JNI for any data coming in on the two sockets.
Now, the data the agent sends could be huge files (2+ GB). We have observed that encryption/decryption on the proxy is CPU intensive and slows down the entire data transfer. As a result, we have decided to use another approach.
In this approach, the client will first authenticate itself to the proxy using SSL as before. However, once authenticated, the proxy will only forward all data coming from the client to the agent; the client will establish its own SSL connection with the agent, and as a result no decryption or encryption of data will occur at the proxy. Data will flow as is through the proxy from the client to the agent and vice versa.
We already have SSL server sockets listening for incoming connections. My question is: how do we read from the same connection in an unencrypted manner once authenticated? Any ideas?
Also, can we get the socket fd for the client-to-proxy connection and try reading from C code to write it directly to the agent?
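As an added example (not the poster's product code, which is C and Java), the Go program below shows the mechanics of the proposed design end to end in one process over loopback TCP: the proxy accepts a TCP connection it owns, layers TLS on top of it for mutual certificate authentication, takes its one authorisation decision, sends a single final TLS record as the switch signal, and from then on reads the same socket raw without ever touching the TLS object again; the client mirrors this and only writes raw bytes after it has consumed that record. Neither side closes its TLS object, because a close_notify would land on the raw stream. The names (proxy.test, client-1), the one-record switch protocol, the throw-away self-signed certificates and the Payload constant are all constructed for the demo. Two things carry over to any language or library: the code doing the forwarding must own the underlying socket with TLS layered on top (in JSSE that means wrapping a plain socket you accepted yourself with SSLSocketFactory.createSocket(Socket, host, port, autoClose) or driving TLS with SSLEngine over your own SocketChannel, rather than receiving an already-wrapped socket from an SSLServerSocket), and both sides must agree on exactly which TLS record is the last one, because a TLS implementation that reads ahead will otherwise pull the first raw bytes into its own buffer where the raw read never sees them.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// Payload is a constructed stand-in for the client's own TLS session to the agent.
const Payload = "client->agent bytes (the client's own TLS stream in the real system)"

func must(err error) { // demo only: unexpected failures abort the program
	if err != nil {
		panic(err)
	}
}

// selfSigned: throw-away self-signed cert for name plus a pool trusting it (test identity only).
func selfSigned(name string) (tls.Certificate, *x509.CertPool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	must(err)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign, IsCA: true, BasicConstraintsValid: true,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	must(err)
	leaf, err := x509.ParseCertificate(der)
	must(err)
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: priv}, pool
}

// proxySide: mutual-TLS authentication, one last TLS record as the switch signal, then raw reads only.
func proxySide(raw net.Conn, cfg *tls.Config, allowed string) ([]byte, error) {
	tc := tls.Server(raw, cfg)
	must(tc.Handshake()) // fails unless the client presents a certificate from ClientCAs
	// Authorisation is decided once, for the whole TCP connection: after the switch the proxy is blind.
	cn := tc.ConnectionState().PeerCertificates[0].Subject.CommonName
	if cn != allowed {
		return nil, fmt.Errorf("client %q is not allowed to use pass-through", cn)
	}
	// Last TLS record on this leg; the client must not write raw bytes before it has read it.
	_, err := tc.Write([]byte("SWITCH\n"))
	must(err)
	return io.ReadAll(raw) // plaintext from here on; a real proxy copies it to the agent
}

// clientSide: authenticate, wait for the switch record, then use the raw socket only.
func clientSide(raw net.Conn, cfg *tls.Config) error {
	tc := tls.Client(raw, cfg)
	must(tc.Handshake())
	buf := make([]byte, 64)
	n, err := tc.Read(buf) // one application-data record; session tickets are absorbed here
	if err != nil || string(buf[:n]) != "SWITCH\n" {
		return fmt.Errorf("expected switch record, got %q (err=%v)", buf[:n], err)
	}
	_, err = raw.Write([]byte(Payload)) // tc is never touched again
	must(err)
	return raw.Close()
}

// Demo runs both sides over loopback TCP and returns what the proxy read raw after the switch.
func Demo() []byte {
	proxyCert, proxyPool := selfSigned("proxy.test")
	clientCert, clientPool := selfSigned("client-1")
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	must(err)
	defer ln.Close()
	got := make(chan []byte, 1)
	go func() {
		c, err := ln.Accept()
		must(err)
		defer c.Close()
		d, err := proxySide(c, &tls.Config{Certificates: []tls.Certificate{proxyCert},
			ClientAuth: tls.RequireAndVerifyClientCert, ClientCAs: clientPool}, "client-1")
		must(err)
		got <- d
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	must(err)
	must(clientSide(raw, &tls.Config{Certificates: []tls.Certificate{clientCert},
		RootCAs: proxyPool, ServerName: "proxy.test"}))
	return <-got
}

func main() {
	fmt.Printf("proxy received %q on the raw socket after the switch\n", Demo())
}
```

Run it with go run, or call Demo from a test. The security consequence of the switch is the one the proxy comment spells out: after the last TLS record the proxy is a blind byte relay, so per-client authorisation has to be complete before that record is sent, and the client, not the proxy, is now the party that must verify the agent's certificate on the second leg.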