Proxy SSL handoff via mid-stream renegotiation

What is claimed as new and desired to be protected by Letters Patent of the United States is: 1. A traffic management device interposed between a client device and a plurality of server devices, comprising: a transceiver to send and receive data over a network; and a processor that is operative to perform actions comprising: obtaining a session key associated with an end-to-end encrypted session that is established between the client device and a first server device in the plurality of server devices; transmitting a renegotiation request to the client device over an end-to-end encrypted connection of the end-to-end encrypted session to request renegotiation of the end-to-end encrypted connection; intercepting a second set of handshake messages sent by the client device over the end-to-end encrypted connection, wherein the second set of handshake messages are addressed to the first server device, and wherein the second set of handshake messages are sent in response to the renegotiation request; decrypting the intercepted second set of handshake messages using one or more connection keys, generated based on the session key; and redirecting the decrypted second set of handshake messages to a selected second server device of the plurality of server devices, such that the selected second server device replaces the first server device as an endpoint in the end-to-end encrypted connection. 2. The traffic management device of claim 1 , wherein obtaining the session key further comprises: receiving a private key associated with the selected second server device; extracting, from the second set of handshake messages, secret data associated with the encrypted session using the private key associated with the selected second server device; and generating a second session key associated with the encrypted session based in part on the secret data extracted from the second set of handshake messages. 3. The traffic management device of claim 1 , the actions further comprising: intercepting a message sent over the end-to-end encrypted connection by the client device, wherein the message is addressed to the first server device; and redirecting the intercepted message to the selected second server device. 4. The traffic management device of claim 1 , the actions further comprising: intercepting a message sent over the end-to-end encrypted connection by the client device, wherein the message is addressed to the first server device; decrypting a payload within the intercepted message using one or more connection keys generated based on the second session key; modifying the decrypted payload; encrypting the modified payload using the one or more connection keys generated based on the second session key; and providing the encrypted modified payload over the end-to-end encrypted connection to the selected second server device. 5. The traffic management device of claim 1 , wherein the second server is selected based on a criteria determined by: extracting a header from an intercepted application protocol layer message using the one or more connection keys generated from the session key; and determining that the content requested in the header is located on the second server device. 6. The traffic management device of claim 1 , wherein the traffic management device comprises a server side traffic management device locally situated in proximity to the selected second server device, and wherein a client-side traffic management device is remotely situated from the selected second server device and interposed between the client device and the server-side traffic management device such that the end-to-end encrypted connection flows through the client-side traffic management device, wherein the client-side traffic management device performs actions comprising: receiving the one or more connection keys generated based on the second session key from the server-side traffic management device; intercepting encrypted data transmitted from the client device to the first server device over the end-to-end encrypted connection; decrypting the encrypted data with the one or more connection keys generated based on the second session key; modifying the decrypted data; re-encrypting the modified data with the one or more connection keys generated based on the second session key; and transmitting the re-encrypted modified data towards the first server device, wherein the server-side traffic management device intercepts and decrypts the modified data, and redirects the modified data to the selected second server device. 7. The traffic management device of claim 6 , such that when the end-to-end encrypted session is established, the client-side traffic management device inserts itself between the client device and the first server device using a Border Gateway Protocol (BGP). 8. A system comprising: a plurality of server devices; and a traffic management device in communication with the plurality of server devices, the traffic management device being locally situated in proximity to the plurality of server devices, wherein the traffic management device is in communication with a client device over a network, and wherein the traffic management device is configured to perform actions including: obtaining a session key associated with an end-to-end encrypted session that is established between the client device and a first server device in the plurality of server devices; transmitting a renegotiation request to the client device over an end-to-end encrypted connection of the end-to-end encrypted session to request renegotiation of the end-to-end encrypted connection; intercepting a second set of handshake messages sent by the client device over the end-to-end encrypted connection, wherein the second set of handshake messages are addressed to the first server device, and wherein the second set of handshake messages are sent in response to the renegotiation request; decrypting the intercepted second set of handshake messages using one or more connection keys generated based on the session key; and redirecting the decrypted second, set of handshake messages to a selected second server device of the plurality of server devices, such that the selected second server device replaces the first server device as an endpoint of the end-to-end encrypted connection. 9. The system of claim 8 , the actions further comprising: receiving a private key associated with the selected second server device; extracting, from the second set of handshake messages, secret data associated with the encrypted session, using the private key associated with the selected second server device; and generating a second session key associated with the encrypted session based in part on the secret data extracted from the second set of handshake messages. 10. The system of claim 9 , wherein obtaining a session key further comprises: intercepting a message sent over the end-to-end encrypted connection by the client device, wherein the message is addressed to the first server device; and redirecting the intercepted message to the selected second server device. 11. The system of claim 9 , the actions further comprising: intercepting a message sent over the end-to-end encrypted connection by the client device, wherein the message is addressed to the first server device; decrypting a payload within the intercepted message using one or more connection keys generated based on the second session key; modifying the decrypted payload; encrypting the modified payload using the one or more connection keys generated based on the second session key; and providing the encrypted modified payload over the end-to-end encrypted connection to th