DGS-3100 Series Gigabit Stackable Managed Switch User Manual
156
Configuring Secure Socket Layer Security
Secure Socket Layer (SSL) is a security feature that provides a secure communication path between a host and client
through the use of authentication, digital signatures, and encryption. These security functions are implemented using a
Ciphersuite, which is a security string that determines the exact cryptographic parameters, specific encryption algorithms
and key sizes used for authentication sessions, and that consists of:
Key Exchange —Cyphersuite strings specify the public key algorithm used. This switch utilizes the Rivest Shamir
Adleman (RSA) public key algorithm. This is the first authentication process between client and host as they
“exchange keys” in looking for a match and therefore authentication to be accepted to negotiate encryptions on the
following level.
Encryption: The second part of the ciphersuite that includes the encryption used for encrypting the messages sent
between client and host. The Switch supports two types of cryptology algorithms:
– Stream Ciphers – There are two types of stream ciphers on the Switch, RC4 with 40-bit keys and RC4 with
128-bit keys. These keys are used to encrypt messages and need to be consistent between client and host for
opt
i
mal use.
– CBC Block Ciphers – Cipher Block Chaining (CBC) link
s encrypted text blocks. The Switch supports the
3DES EDE encryption code defined by the Data Encryption Standard (DES) to create the encrypted text.
Hash Algorithm — Th
is part of the ciphersuite allows the user to choose a message digest function which will
determine a Message Authentication Code. This Message Authentication Code will be encrypted with a sent
message to provide integrity and prevent against replay attacks. The Switch supports two hash algorithms, Message
Digest 5 (MD5) and Secure Hash Algorithm (SHA).
The SSL Configuration Settings Page permits network managers to enable SSL with all supported ciphersuites on the
Switch
.
Ciphersuites are security strings that determines the exact cryp
tographic parameters, specific encryption algorithms
and key sizes to be used for an authentication session. The Switch possesses three possible ciphersuites for the SSL function,
which are enabled by default.
NOTE: Once SSL is enabled, the Web and Telnet are disabled.
To ma
nage the device via an Embedded Web System while SSL is enabled, the web browser must support SSL encryption.
URL headers must begin with https://, for example https://10.90.90.90
.
The system supports up-to five SSH sessions.
To enable SSL on the device:
1. Click Security > SSL. The SSL Configuration Settings Page opens:
To Next Page
Loading...
Need help?
General
