You can terminate SSL at the hardware device. In fact, that’s the whole point of it. You’re not only offloading the SSL decryption/encryption burden from the web server (typically the most intensive native actions on a web server) but you’re also saving money in certificate licensing. One cert is oftimes needed per web server…or per hardware SSL terminator. So one load-balancer or SSL terminator for 10 web servers still just means 1 for-pay cert.

And, yes, while Alan has a point that you now have unencrypted communication between device and web servers, you can also encrypt that communication using your own internal self-signed certs if you want. In fact, that’s what we do on our NLB (of course, we lose the gains we made on web server load, but we’re ok with that).

You’re absolutely correct. Even if that internal traffic is unencrypted from device to web servers, if someone is able to sniff that, you have other more important problems.

On a side note, even if you hack an SSL terminating device, I’d be curious if anyone has yet been able to hijack that device in a way that will leak the unencrypted information inside the device (i.e. before it hits the wire on the internal side). I’d be impressed if someone has done that… (And you’re right to tackle that by saying it’s not much different than hijacking the web server anyway…)