Asset guardian
US-2015372995-A1 · Dec 24, 2015 · US
US11038854B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11038854-B2 |
| Application number | US-201715588907-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 8, 2017 |
| Priority date | Dec 16, 2011 |
| Publication date | Jun 15, 2021 |
| Grant date | Jun 15, 2021 |
Official abstract text for this publication.
An Internet infrastructure delivery platform (e.g., operated by a service provider) provides an RSA proxy “service” as an enhancement to the SSL protocol that off-loads the decryption of the encrypted pre-master secret (ePMS) to an external server. Using this service, instead of decrypting the ePMS “locally,” the SSL server proxies (forwards) the ePMS to an RSA proxy server component and receives, in response, the decrypted pre-master secret. In this manner, the decryption key does not need to be stored in association with the SSL server.
Opening claim text (preview).
What is claimed is as follows:

1. Apparatus that is a first machine located behind a firewall of an enterprise, the enterprise being a customer of a service provider that provides an acceleration service via an overlay network, comprising: a processor; computer memory holding program code configured to be executed by the processor, the program code configured as a client component of a split proxy server, the split proxy server also having a server component distinct from the client component and that executes on a second machine located remote from the first machine, the second machine located in a data center associated with the overlay network and managed by the service provider, comprising: code operative in response to receipt of a handshake request from a client to determine whether a key exchange can be processed in part using a private key held in association with the server component of the split proxy server; code operative in response to determining, based on information in a data structure, that the key exchange can be processed in part using the private key held in association with the server component of the split proxy server, to forward first information from the client component of the split proxy server to the server component of the split proxy server, the first information configured to be processed using the private key maintained in association with the server component of the split proxy server; and code operative to receive a response from the server component of the split proxy server, the response including second information, the second information having been generated at the server component of the split proxy server by generating a hash of the first information, using the hash as an index into a cache, determining based on the hash whether first information is already present in the cache, when the first information is not already present in the cache, storing the first information in the cache and applying the private key maintained at the server component of the split proxy server to the first information; wherein, following a successful completion of a handshake initiated by the handshake request, an application associated with the first machine is enabled to receive the acceleration service via the overlay network.

2. The apparatus as described in claim 1 wherein the first information is an encrypted pre-master secret and the second information is a decrypted pre-master secret, and wherein the program code further includes code to use the decrypted pre-master secret to generate a master secret.

3. The apparatus as described in claim 2 further including code to return the master secret to the client.

4. The apparatus as described in claim 2 wherein the pre-master secret is established using asymmetric Rivest-Shamir-Adleman (RSA).

5. The apparatus as described in claim 1 wherein the handshake request is one of: a Secure Sockets Layer (SSL) handshake request, and a Transport Layer Security (TLS) handshake request.

6. A method to secure a communication, comprising: establishing a connection between a client component of a split proxy server executing on a first machine, and a server component of the split proxy server executing on a second machine, the first machine located behind a firewall of an enterprise, the enterprise being a customer of a service provider that provides an acceleration service via an overlay network, the second machine located in a data center associated with the overlay network and managed by the service provider, the second machine located remotely from the first machine; receiving, by the client component of the split proxy server executing on the first machine, a handshake request; upon receipt of the handshake request, determining, by the client component of the split proxy server, and based on information in a data structure, whether a key exchange associated with the handshake request can be processed in part using a private key that is held remotely and in association with the server component of the split proxy server; based on determining that the handshake request can be processed in part by using the private key that is held remotely, proxying first information over the connection from the client component of the split proxy server to the server component of the split proxy server; receiving from the server component of the split proxy server, over the connection, a response that includes second information, the second information having been generated at the server component of the split proxy server by generating a hash of the first information, using the hash as an index into a cache, determining based on the hash whether first information is already present in the cache, when the first information is not already present in the cache, storing the first information in the cache and applying the private key maintained at the server component of the split proxy server to the first information; and using the second information to further the key exchange; wherein, following a successful completion of a handshake initiated by the handshake request, an application associated with the first machine is enabled to receive the acceleration service via the overlay network.

7. The method as described in claim 6 wherein the handshake request is one of: a Secure Sockets Layer (SSL) handshake request, and a Transport Layer Security (TLS) handshake request.

8. The method as described in claim 6 wherein the first information is an encrypted pre-master secret, and the second information is the pre-master secret.

9. A system, comprising: at least one machine in a first network-accessible location and that includes proxy server component software program that executes on hardware, the first network-accessible location being part of an overlay network that is managed by a service provider that provides an acceleration service via the overlay network; at least one machine in a second network-accessible location and that includes a proxy client component software program that executes on hardware, the second network-accessible location being behind a firewall of an enterprise, the enterprise being a customer of the overlay network service provider; the proxy server component software program and the proxy client component software program comprising a split proxy and each including code to establish and maintain a connection there-between; the proxy client component software program configured to receive a handshake request from a client; the proxy client component software program operative to determine, based on information in a data structure, whether a key exchange associated with the handshake request can be processed using a private key held remotely and in association with the proxy server component software program; the proxy client component software program, upon determining that the secure handshake request can be processed using the private key held remotely, forwarding to the proxy server component software program over the connection first information; the proxy server software program configured to receive the first information forwarded from the proxy client software program; the proxy server component software program further configured to return a response to the proxy client software program over the connection, the response including second information, the second information having been generated at the proxy server component software program by receiving the first information, generating a hash of the first information, using the hash as an index into a cache, determining based on the hash whether first information is already present in the cache, when the first information is not already present in the cache, storing the first information in the cache and
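The abstract and claims 1, 2 and 6 describe one mechanism: the client component behind the firewall receives the encrypted pre-master secret (ePMS), consults a data structure to decide whether the matching private key is held remotely, forwards the ePMS to the server component, which hashes it, uses the hash as a cache index, decrypts on a miss, and returns the pre-master secret so the client component can derive the master secret. The following is an added toy model of that exchange written for this page; it is not code from the patent or from any service provider's product. Everything in it is constructed for illustration: textbook RSA over two small Mersenne primes (no real key size, no padding), an 8-byte pre-master secret, a made-up hostname-to-key table standing in for the claims' "data structure", and an HMAC-SHA256 stand-in for the TLS PRF. The `ServerComponent`, `ClientComponent`, `REMOTE_KEYS` and `derive_master_secret` names are this example's own.

```python
"""Toy model of the split-proxy RSA key-exchange offload described in the claims.

Added example, not the patent's or any vendor's code. All key material, sizes
and the master-secret derivation are constructed and deliberately tiny so the
flow is readable; this is not a TLS implementation.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, Optional

# ---- Key material: lives only with the server component (provider data center) ----
P = 2_147_483_647              # 2**31 - 1, a Mersenne prime (toy size, constructed)
Q = 2_305_843_009_213_693_951  # 2**61 - 1, a Mersenne prime (toy size, constructed)
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent; never leaves ServerComponent
PMS_LEN = 8                          # toy pre-master secret length; real TLS uses 48 bytes


def rsa_encrypt(plaintext: bytes) -> bytes:
    """What the TLS client does when building ClientKeyExchange (textbook RSA, no padding)."""
    m = int.from_bytes(plaintext, "big")
    if m >= N:
        raise ValueError("plaintext too large for the toy modulus")
    return pow(m, E, N).to_bytes((N.bit_length() + 7) // 8, "big")


@dataclass
class ServerComponent:
    """Server half of the split proxy: holds the private key and the hash-indexed cache."""
    cache: Dict[bytes, bytes] = field(default_factory=dict)  # sha256(ePMS) -> decrypted PMS
    hits: int = 0
    misses: int = 0

    def decrypt_pms(self, epms: bytes) -> bytes:
        # Claim language: hash the first information and use the hash as the cache index.
        idx = hashlib.sha256(epms).digest()
        if idx in self.cache:
            self.hits += 1            # repeated ePMS: served without touching the key
            return self.cache[idx]
        self.misses += 1
        c = int.from_bytes(epms, "big")
        pms = pow(c, D, N).to_bytes(PMS_LEN, "big")   # apply the private key on a miss
        self.cache[idx] = pms
        return pms


# The claims' "data structure": which server identities have keys held remotely.
REMOTE_KEYS: Dict[str, str] = {"www.example.com": "remote-key-id-1"}  # constructed mapping


def derive_master_secret(pms: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Simplified stand-in for the TLS 1.2 PRF (constructed for this example, not the real PRF)."""
    return hmac.new(pms, b"master secret" + client_random + server_random, hashlib.sha256).digest()


@dataclass
class ClientComponent:
    """Client half of the split proxy, running behind the enterprise firewall."""
    server: ServerComponent          # stands in for the connection to the remote component
    key_table: Dict[str, str]

    def handle_client_key_exchange(self, sni: str, epms: bytes,
                                   client_random: bytes, server_random: bytes) -> Optional[bytes]:
        if sni not in self.key_table:
            return None                # key exchange cannot be processed with a remote key
        pms = self.server.decrypt_pms(epms)      # proxy first information, get second information
        return derive_master_secret(pms, client_random, server_random)


def demo() -> dict:
    """Run two handshakes with the same ePMS (second one hits the cache) plus one unknown host."""
    srv = ServerComponent()
    cli = ClientComponent(server=srv, key_table=REMOTE_KEYS)
    pms = bytes.fromhex("0303a1b2c3d4e5f6")        # constructed toy pre-master secret
    epms = rsa_encrypt(pms)
    cr, sr = b"C" * 32, b"S" * 32                    # constructed client/server randoms
    ms1 = cli.handle_client_key_exchange("www.example.com", epms, cr, sr)
    ms2 = cli.handle_client_key_exchange("www.example.com", epms, cr, sr)
    unknown = cli.handle_client_key_exchange("other.example.net", epms, cr, sr)
    return {"pms": pms, "epms": epms, "ms1": ms1, "ms2": ms2,
            "unknown": unknown, "hits": srv.hits, "misses": srv.misses}


if __name__ == "__main__":
    r = demo()
    print("master secret:", r["ms1"].hex(), "cache hits/misses:", r["hits"], r["misses"])
```

The point the model makes visible is the trust boundary: `D` is referenced only inside `ServerComponent`, so the machine behind the firewall never holds the key, which is what the abstract claims as the benefit. The hit/miss counters are there because a cache keyed on the ePMS hash makes repeated pre-master secrets observable; in real TLS a fresh ePMS is expected per handshake, so a non-zero hit rate is something an operator of such a component would want to log.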
CPC classification titles:

- at the transport layer
- wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption (cryptographic mechanisms or cryptographic arrangements for symmetric key encryption H04L9/06)
- Networking architectures for enhanced packet encryption processing, e.g. offloading of IPsec packet processing or efficient security association look-up
- involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- applying encryption by an intermediary, e.g. receiving clear information at the intermediary and encrypting the received information at the intermediary before forwarding