Network security and WAN optimization initiatives don’t always complement one another.

Consider corporate traffic that is encrypted through the SSL protocol. SSL traffic often is left out of traditional acceleration techniques, since speeding traffic over the wide area requires examining the payload - which means un-encrypting the data.

Un-encrypting data can be complicated, since IT pros are likely reluctant to distribute SSL certificates and private security keys outside of the data center.

This week Riverbed Technology plans to unveil its approach for accelerating SSL application traffic. The vendor is releasing the next version of its Riverbed Optimization System (RiOS) software, which powers all of its Steelhead appliances.

In a process Riverbed calls “split termination,” RiOS 4.0 keeps a copy of a company’s SSL certificates and private keys in a Steelhead appliance that resides in the company’s data center. This server-side appliance then uses Riverbed identity certificates to establish a secure connection with Steelhead appliances across the WAN.

“A client request is intercepted on the server-side Steelhead appliance, and the Steelhead appliance on the server side makes a secure connection with the Web server,” explains Alan Saldich, vice president of product marketing at Riverbed. “Next the server-side appliance establishes its own SSL connection directly with the client, and a temporary session key is moved over to the client-side Steelhead appliance.” Once the temporary SSL session begins, the Riverbed appliances can decrypt the traffic and apply standard algorithms to accelerate to the traffic, he says.

Customers’ desire to accelerate SSL traffic has grown as the percentage of network traffic that is encrypted through SSL increases; Riverbed estimates about 15% of enterprise traffic is SSL, and it’s growing at a rate of about 52%. “The SSL feature has been our No. 1 feature request for 18 months,” Saldich says. “We know it’s widely needed.”

Also new to RiOS 4.0 is the ability to discover and track objects on Web pages, including images, scripts and cascading style sheets. When a server-side Steelhead appliance is handling requests for a Web page that has been requested before, the appliance can streamline delivery by transferring groups of objects in parallel, rather than one at a time.

Ann Bednarz is associate news editor at Network World.