Hi Feroz,
Riverbed representatives and SE's should be able to give you much more detail on this but I hope text below and attached slide will give you a good idea already. Beware, since RIOS 5 some important enhancements regarding key-management are added as well, so check further for latest info.
1.Before any SSL optimization can take place, the SSH must be configured with each SSL server s private key, public cert, ip address, and port. This is a one-time config.
2.The three classic TCP connections happen first. If the client's connection request is to an identified SSL port, then the inner TCP connection will be secure (i.e., over SSL).
3.After we have three TCP connections up and running, next comes the SSL 'hello' from the client. This 'hello' is intercepted by the SSH. Upon intercepting the client's hello, the SSH then completes an SSL handshake with the server, establishing a secure SSL session over its TCP connection to the server.
4.Next, the SSH replies to the client's hello and establishes an SSL session directly with the client using the server's SSL credentials. This SSL session takes place over two TCP connections: between the client and CSH and between the CSH and SSH.
5.Once the SSL session is established between the SSH and client, the SSH pushes the session key for the session to the CSH over its SSH-CSH SSL session. Once the CSH has the SSH-client session key, it then makes itself the endpoint for the SSH-client session.
6.In the end, we have three unique SSL sessions running over three unique TCP connections. Both the TCP and SSL sessions are transparent to the client and server, and they both think they are connected to each other, both over TCP/IP and SSL.
rgds
Dirk
