Which two schemes provide end-to-end encryption while enabling NetScaler to optimize responses?

To achieve end-to-end encryption while still letting NetScaler optimize responses, the front-end and back-end connections must both use TLS. Configuring the virtual server to use SSL handles the client connection, while configuring the services to use SSL handles the back-end connection. This setup lets NetScaler terminate the client TLS at the virtual server to inspect and optimize the response (compression, caching, etc.) and then re-encrypt the data for the backend servers, keeping encryption on both hops. If either leg were HTTP, the corresponding portion would be unencrypted, breaking the intended end-to-end protection. If SSL Bridge were used, the system wouldn’t be able to decrypt for optimization, defeating the optimization goal.