Configuring Secure Socket Layer (SSL)
Figure 9-1. Switch/User Authentication
SSL on the switches covered in this guide supports these data encryption 
methods:
■ 3DES (168-bit, 112 Effective)
■ DES (56-bit)
■ RC4 (40-bit, 128-bit)
Note: HP switches use RSA public key algorithms and Diffie-Hellman, and all 
references to a key mean keys generated using these algorithms unless 
otherwise noted.
Terminology
■ SSL Server: An HP switch with SSL enabled.
■ Key Pair: A public/private pair of RSA keys generated by the switch. The 
public portion makes up part of the server host certificate, and the private 
portion is stored in switch flash (not user accessible).
■ Digital Certificate: A certificate is an electronic “passport” that is used 
to establish the credentials of the subject to which the certificate was 
issued. Information contained within the certificate includes: name of the 
subject, serial number, date of validity, subject's public key, and the digital 
signature of the authority who issued the certificate. Certificates on HP 
switches conform to the X.509v3 standard, which defines the format of 
the certificate.
■ Self-Signed Certificate: A certificate not verified by a third-party 
certificate authority (CA). Self-signed certificates provide a reduced level of 
security compared to a CA-signed certificate.
■ CA-Signed Certificate: A certificate verified by a third-party certificate 
authority (CA). Authenticity of CA-signed certificates can be verified by 
an audit trail leading to a trusted root certificate.
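The difference between a self-signed and a CA-signed certificate, as an added example that is not part of the original guide and is not HP's code: it uses the `openssl` command line on a workstation (assumed to be installed) to build a constructed lab root CA and two certificates for the same RSA key pair, then reports whether each one chains to the trusted root. The names `Lab Root CA`, `switch.lab.example`, `make_pki` and `classify` are assumptions made for the example.

```shell
#!/bin/sh
# Added lab example: every name and file is constructed; nothing here contacts a switch.

# make_pki DIR: build a root CA and two certificates for one RSA key pair.
make_pki() {
  d=$1
  # Root CA: self-signed by definition; this is the "trusted root".
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Lab Root CA" \
    -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
  # Server key pair and certificate request (stand-in for the SSL server).
  openssl req -newkey rsa:2048 -nodes -subj "/CN=switch.lab.example" \
    -keyout "$d/sw.key" -out "$d/sw.csr" 2>/dev/null
  # CA-signed certificate: the root CA signs the request.
  openssl x509 -req -in "$d/sw.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
    -CAcreateserial -days 30 -out "$d/sw-ca.pem" 2>/dev/null
  # Self-signed certificate: the server key signs its own certificate.
  openssl req -x509 -new -key "$d/sw.key" -days 30 \
    -subj "/CN=switch.lab.example" -out "$d/sw-self.pem" 2>/dev/null
}

# classify CERT ROOT: print "<self-signed|ca-signed> <trusted|untrusted>".
classify() {
  # Name comparison: issuer equal to subject means the certificate names itself as issuer.
  subj=$(openssl x509 -in "$1" -noout -subject_hash)
  iss=$(openssl x509 -in "$1" -noout -issuer_hash)
  if [ "$subj" = "$iss" ]; then kind=self-signed; else kind=ca-signed; fi
  # Chain check: does the signature trail end at the trusted root?
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then
    echo "$kind trusted"
  else
    echo "$kind untrusted"
  fi
}

# Demo: pass an empty scratch directory as the first argument.
if [ -n "${1:-}" ]; then
  make_pki "$1"
  for c in sw-ca.pem sw-self.pem ca.pem; do
    printf '%s: %s\n' "$c" "$(classify "$1/$c" "$1/ca.pem")"
  done
fi
```

Both server certificates carry the same public key and subject; only the CA-signed one verifies against the root, which is why a browser accepts it without the user having to trust the certificate by hand.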
[Figure 9-1 labels: HP Switch (SSL Server); SSL Client Browser. 1. Switch-to-Client SSL Cert. 2. User-to-Switch (login password and enable password authentication) options: Local, TACACS+, RADIUS.]