Question

CONTEXT :

I am trying to familiarize myself with web technology. I've been learning sockets recently and am now raising the bar to TCP servers.

I have two servers: one frontend and one database server. Frontend: nginx. DB server: custom TCP server for database connections.

TLS encryption activated.

Nginx - Debian 64.

PROBLEM :

Frontend is named A and Database is named B.

I would like to understand how I can have A as an SSL termination point, pass the request to server B, and finally send the query back to A so that it answers the client with TLS.

From what I understand :

1) the client requests an SSL handshake from the server

2) the server accepts and does so according to the cert it is associated with

3) the client makes a query

4) the server looks at the payload and knows that it is good because it may have a cache somewhere

5) but the query has to be proxied over the LAN, so the server proxies the request in clear

6) the other server handles the query and answers back to the frontend

7) the frontend encrypts the whole response again and sends it back to the client.

How does 7) happen? I think it cannot be re-encrypted randomly, right? It has to get a key from a cache or something, no?

What I need is confirmation or explanation on this point 7).


Solution

How does 7) happen? I think it cannot be re-encrypted randomly, right? It has to get a key from a cache or something, no?

7) happens by encrypting the response data with the session key that was negotiated during the SSL handshake.
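
As an added illustration of the setup the question describes (this is example configuration written for this page, not something from the original post or from nginx's own documentation), here is how A would be configured with nginx's stream module, which is the right fit because B speaks a custom TCP protocol rather than HTTP. The backend address 10.0.0.2:9000 and the certificate paths are assumptions. The point it makes about step 7 is that there is no separate "key cache" to consult: the response from B is simply written into the same TLS connection that was set up in steps 1 and 2, and the TLS layer encrypts it with the session keys that already belong to that connection.

```nginx
# Added example, not part of the original question or answer.
# Assumed values: B listens on 10.0.0.2:9000 (plaintext TCP on the LAN),
# and A's certificate and key live under /etc/nginx/certs/.
# This block goes at the top level of nginx.conf, beside (not inside) http { }.
stream {
    upstream db_backend {
        server 10.0.0.2:9000;     # B: custom TCP database server, cleartext on the LAN (step 5)
    }

    server {
        listen 443 ssl;           # A: TLS terminates here (steps 1 and 2)
        ssl_certificate     /etc/nginx/certs/a.example.crt;   # assumed path
        ssl_certificate_key /etc/nginx/certs/a.example.key;   # assumed path
        ssl_protocols TLSv1.2 TLSv1.3;

        # Decrypted client bytes (step 3) are relayed as-is to B.
        proxy_pass db_backend;

        # Whatever B answers (step 6) is written back into this same TLS
        # connection; nginx encrypts it with the session keys negotiated in the
        # handshake above, so nothing has to be looked up or re-negotiated (step 7).

        # Optional: if you do not want the LAN hop in clear, re-encrypt to B.
        # B must then terminate TLS itself, and A should verify B's certificate
        # so the proxy cannot be redirected to an impostor on the LAN:
        # proxy_ssl on;
        # proxy_ssl_verify on;
        # proxy_ssl_trusted_certificate /etc/nginx/certs/lan-ca.crt;   # assumed path
        # proxy_ssl_name b.internal;                                    # assumed name
    }
}
```

On Debian, check that the stream module is compiled in or loaded (`nginx -V` lists `--with-stream`, or a `load_module` line for `ngx_stream_module.so` is needed), and run `nginx -t` before reloading. If B actually spoke HTTP, the same idea would be expressed with `proxy_pass` inside an `http { server { ... } }` block instead.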

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow