MNS-BB Software User Guide
-30-
• Use public-key encryption techniques to generate shared secrets.
• Establish an encrypted SSL connection.
6.10.2 Ciphers Used with SSL
The SSL protocol supports the use of a variety of different cryptographic algorithms, or ciphers, for
use in operations such as authenticating the server and client to each other, transmitting certificates,
and establishing session keys. Clients and servers may support different cipher suites, or sets of
ciphers, depending on factors such as the version of SSL they support, company policies regarding
acceptable encryption strength, and government restrictions on export of SSL-enabled software.
Among its other functions, the SSL handshake protocol determines how the server and client
negotiate which cipher suites they will use to authenticate each other, to transmit certificates, and to
establish session keys.
The cipher suite descriptions that follow refer to these algorithms:
• DES. Data Encryption Standard, an encryption algorithm used by the U.S. Government.
• DSA. Digital Signature Algorithm, part of the digital authentication standard used by the
U.S. Government.
• KEA. Key Exchange Algorithm, an algorithm used for key exchange by the U.S.
Government.
• MD2, MD4 and MD5. Message Digest algorithm.
• RC2, RC4 and RC5. Rivest encryption ciphers developed for RSA Data Security.
• RSA. A public-key algorithm for both encryption and authentication. RSA key exchange. A
key-exchange algorithm for SSL based on the RSA algorithm.
• SHA-1. Secure Hash Algorithm, a hash function used by the U.S. Government.
• Blowfish
Key-exchange algorithms like RSA key exchange govern the way in which the server and client
determine the symmetric keys they will both use during an SSL session. The most commonly used
SSL cipher suites use RSA key exchange.
The SSL 2.0 and SSL 3.0 (TLS 1.0) protocols support overlapping sets of cipher suites.
Administrators can enable or disable any of the supported cipher suites for both clients and servers.
When a particular client and server exchange information during the SSL handshake, they identify the
strongest enabled cipher suites they have in common and use those for the SSL session.
However, since 40-bit ciphers can be broken relatively quickly, administrators who are concerned
about eavesdropping and whose user communities can legally use stronger ciphers should disable the
40-bit ciphers.
6.10.3 CLI
Global Features
• Users are able to enable/disable SSL extensions for Web Management. When turned on,
browser clients will have to communicate with the switch through HTTPS protocol instead
of HTTP protocol.
• When Web Management is disabled, SSL is also disabled regardless of whether SSL
function is enabled or disabled.
Note: SSL security can be disabled or enabled through Access module. By default it is enabled.
LE2425A#access
To Next Page
Loading...
