SYSTEMS AND METHODS FOR NEXTPROTO NEGOTIATION EXTENSION HANDLING USING MIXED MODE

US 20140304498A1
Filed: 04/06/2013
Published: 10/09/2014
Est. Priority Date: 04/06/2013
Status: Active Grant

First Claim

Patent Images

1. A method for handling the processing of a next protocol negotiation extension for a transport layer security (TLS) session, the method comprising:

(a) receiving, by a device intermediary to a client and a server, a client hello message from the client in a handshake to establish a transport layer security (TLS) session with the server, the client hello message comprising a next protocol negotiation extension, the device comprising a first TLS processor that is software based and a second TLS processor that is hardware based;

(b) determining by the device, that the client hello message includes the next protocol negotiation extension;

(c) establishing, by the device responsive to the determination, the TLS session using the first TLS processor; and

(d) processing, by the device upon establishment of the TLS session using the first TLS processor, encrypted data for the TLS session using the second TLS processor.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This disclosure is directed to systems and methods for handling the processing of a next protocol negotiation extension for a transport layer security (TLS) session. A device, intermediary to a client and a server, may receive a client hello message from the client in a handshake to establish a transport layer security (TLS) session with the server. The client hello message may include a next protocol negotiation extension. The device may include a first TLS processor that is software based and a second TLS processor that is hardware based. The device may determine that the client hello message includes the next protocol negotiation extension. The device may establish, responsive to the determination, the TLS session using the first TLS processor. The device may process, upon establishment of the TLS session using the first TLS processor, encrypted data for the TLS session using the second TLS processor.

Citations

20 Claims

1. A method for handling the processing of a next protocol negotiation extension for a transport layer security (TLS) session, the method comprising:
- (a) receiving, by a device intermediary to a client and a server, a client hello message from the client in a handshake to establish a transport layer security (TLS) session with the server, the client hello message comprising a next protocol negotiation extension, the device comprising a first TLS processor that is software based and a second TLS processor that is hardware based;
  
  (b) determining by the device, that the client hello message includes the next protocol negotiation extension;
  
  (c) establishing, by the device responsive to the determination, the TLS session using the first TLS processor; and
  
  (d) processing, by the device upon establishment of the TLS session using the first TLS processor, encrypted data for the TLS session using the second TLS processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein step (a) further comprises receiving, by the device, the client hello message to establish the TLS session comprising a secure socket layer (SSL) session.
  - 3. The method of claim 1, wherein step (b) further comprises parsing, by the device, the client hello message for TLS extensions.
  - 4. The method of claim 1, wherein step (c) further comprises completing, by the device, the TLS handshake with the client.
  - 5. The method of claim 1, wherein step (c) further comprises transmitting, by the device, a server hello message with the next protocol negotiation extension and advertising a list of protocols.
  - 6. The method of claim 1, wherein step (d) further comprises obtaining, by the device, a first TLS context of the first TLS session from the first TLS processor.
  - 7. The method of claim 6, further comprising establishing, by the device, a second TLS context for the TLS session with the second TLS processor based on the first TLS context.
  - 8. The method of claim 6. further comprising communicating, by the device, to the second TLS processor, cipher specification information from the next protocol handshake message from establishing the TLS session.
  - 9. The method of claim 1, wherein step (d) further comprises receiving, by the device, encrypted data from one of the client or the server over the TLS session.
  - 10. The method of claim 9, further comprising providing, by the device responsive to identifying that the TLS is using next protocol negotiation extensions, the encrypted data to the second TLS processor for decryption.

11. A system for handling the processing of a next protocol negotiation extension for a transport layer security (TLS) session, the system comprising:
- a device intermediary to a client and a server, the device configured to receive a client hello message from the client in a handshake to establish a transport layer security (TLS) session with the server, the client hello message comprising a next protocol negotiation extension,a first TLS processor that is software based;
  
  a second TLS processor that is hardware based;
  
  wherein the device is configured to determine that the client hello message includes the next protocol negotiation extension and establish, responsive to the determination, the TLS session using the first TLS processor; and
  
  wherein the device upon establishment of the TLS session using the first TLS processor is configured to use the second TLS processor for processing encrypted data for the TLS session.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The system of claim 11, wherein the TLS session comprises a secure socket layer (SSL) session.
  - 13. The system of claim 11, wherein the device is configured to parse TLS messages for TLS extensions.
  - 14. The system of claim 11, wherein the device is configured to complete the TLS handshake with the client.
  - 15. The system of claim 11, wherein the device is configured to transmit a server hello message with the next protocol negotiation extension and advertising a list of protocols.
  - 16. The system of claim 11, wherein the device is configured to obtain a first TLS context for the TLS session from the first TLS processor.
  - 17. The system of claim 16, wherein the device is configured to establish a second TLS context for the TLS session with the second TLS processor based on the first TLS context.
  - 18. The system of claim 16, wherein the device is configured to communicate to the second TLS processor, cipher specification information from the next protocol handshake message from establishing the TLS session.
  - 19. The system of claim 11, wherein the device is configured to receive encrypted data from one of the client or the server over the TLS session.
  - 20. The system of claim 19, wherein the device is configured to provide, responsive to identifying that the TLS is using next protocol negotiation extensions, the encrypted data to the second TLS processor for decryption.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Citrix Systems, Inc. (Cloud Software Group)
Original Assignee
Citrix Systems, Inc. (Cloud Software Group)
Inventors
Saha, Ashoke, Kanekar, Tushar, Gonuguntla, Swarupa

Granted Patent

US 9,077,754 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 63/0281 Proxies

H04L 63/168 above the transport layer

SYSTEMS AND METHODS FOR NEXTPROTO NEGOTIATION EXTENSION HANDLING USING MIXED MODE

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR NEXTPROTO NEGOTIATION EXTENSION HANDLING USING MIXED MODE

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links