95 SSL CONFIGURATION
When configuring SSL, go to these sections for information you are interested in:
■ “SSL Overview” on page 1207
■ “SSL Configuration Task List” on page 1208
■ “Displaying and Maintaining SSL” on page 1211
■ “Troubleshooting SSL” on page 1211
SSL Overview
Secure Sockets Layer (SSL) is a security protocol providing secure connection service for TCP-based application layer protocols, for example, HTTP. It is widely used in e-commerce and online banking to provide secure data transmission over the Internet.
SSL provides these security services:
■ Confidentiality: SSL encrypts data using a symmetric encryption algorithm and 
the key generated during the handshake phase.
■ Authentication: SSL supports authenticating both the server and the client 
through certificates, with the authentication of the client being optional.
■ Reliability: SSL uses key-based message authentication code (MAC) to verify 
message integrity.
As shown in Figure 357, the SSL protocol consists of two layers of protocols: the 
SSL record protocol at the lower layer and the SSL handshake protocol, change 
cipher spec protocol, and alert protocol at the upper layer.
Figure 357   SSL protocol stack
[Figure: layered stack, top to bottom: Application layer protocol (e.g. HTTP); SSL handshake protocol | SSL change cipher spec protocol | SSL alert protocol; SSL record protocol; TCP; IP]
■ SSL handshake protocol: Responsible for establishing a session between a client and the server. A session consists of a set of parameters such as the session ID, peer certificate, cipher suite (including key exchange algorithm, data encryption algorithm and MAC algorithm), compression algorithm, and master key. An SSL session can be used to establish multiple connections, reducing session negotiation cost.
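The session parameters listed above (peer certificate, negotiated cipher suite, and reuse of one session across several connections) can be observed directly from a handshake. The following Go program is an added example and is not part of this manual or of the switch's software: it builds a throwaway self-signed server certificate (a constructed identity for "localhost", not a real host), runs a TLS server and client over an in-memory pipe, lets the client authenticate the server through its certificate, and then opens a second connection that reuses the cached session instead of negotiating a new one. The `SessionInfo` type, the `RunHandshakes` function and the greeting string are assumptions of this example.

```go
package main

import (
	"bufio"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"strings"
	"time"
)

// SessionInfo records the session parameters the chapter lists: protocol
// version, negotiated cipher suite, the server certificate the client
// authenticated, and whether this connection reused an earlier session.
type SessionInfo struct {
	Version     uint16
	CipherSuite string
	PeerCN      string
	Resumed     bool
	Greeting    string
}

const greeting = "hello over TLS" // constructed application-layer payload

// selfSignedCert creates a throwaway ECDSA server certificate for the demo
// (a constructed identity, not a real host) and a root pool that trusts it.
func selfSignedCert(host string) (tls.Certificate, *x509.CertPool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: host},
		DNSNames:     []string{host},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	pool := x509.NewCertPool()
	pool.AddCert(leaf)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, pool, nil
}

// oneConnection runs a full client/server exchange over an in-memory pipe:
// handshake, one application record from the server, then an orderly close.
func oneConnection(srvCfg, cliCfg *tls.Config) (SessionInfo, error) {
	cliEnd, srvEnd := net.Pipe()
	srvErr := make(chan error, 1)
	go func() {
		s := tls.Server(srvEnd, srvCfg)
		_, err := s.Write([]byte(greeting + "\n")) // Write runs the handshake first
		srvErr <- err
		s.Close() // sends close_notify, then closes the pipe end
	}()

	c := tls.Client(cliEnd, cliCfg)
	defer c.Close()
	if err := c.Handshake(); err != nil {
		return SessionInfo{}, err
	}
	r := bufio.NewReader(c)
	line, err := r.ReadString('\n') // also consumes the session ticket sent after the handshake
	if err != nil {
		return SessionInfo{}, err
	}
	io.Copy(io.Discard, r) // drain until close_notify so the server's Close can finish
	if err := <-srvErr; err != nil {
		return SessionInfo{}, err
	}
	cs := c.ConnectionState()
	return SessionInfo{
		Version:     cs.Version,
		CipherSuite: tls.CipherSuiteName(cs.CipherSuite),
		PeerCN:      cs.PeerCertificates[0].Subject.CommonName,
		Resumed:     cs.DidResume,
		Greeting:    strings.TrimSpace(line),
	}, nil
}

// RunHandshakes performs two connections with the same client configuration.
// The first negotiates a fresh session; the second reuses it from the client's
// session cache, which is the "one session, multiple connections" behaviour
// the chapter describes.
func RunHandshakes() ([2]SessionInfo, error) {
	var out [2]SessionInfo
	cert, pool, err := selfSignedCert("localhost")
	if err != nil {
		return out, err
	}
	srvCfg := &tls.Config{Certificates: []tls.Certificate{cert}}
	cliCfg := &tls.Config{
		RootCAs:            pool, // server authentication via its certificate
		ServerName:         "localhost",
		ClientSessionCache: tls.NewLRUClientSessionCache(8), // enables session reuse
	}
	for i := range out {
		if out[i], err = oneConnection(srvCfg, cliCfg); err != nil {
			return out, err
		}
	}
	return out, nil
}

func main() {
	infos, err := RunHandshakes()
	if err != nil {
		panic(err)
	}
	for i, s := range infos {
		fmt.Printf("connection %d: version=%#x suite=%s peer=%s resumed=%v data=%q\n",
			i+1, s.Version, s.CipherSuite, s.PeerCN, s.Resumed, s.Greeting)
	}
}
```

The first connection reports `resumed=false` (a full handshake with certificate authentication and key exchange), the second `resumed=true` (the cached session is reused, so no certificate is re-sent and the negotiation cost is avoided). Omitting `RootCAs` would make the client reject the server, which is the certificate-based server authentication the chapter refers to; client authentication, optional in SSL, would additionally require `ClientAuth` and a client certificate on the server side.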