Ssl Overview - 3Com Switch 4800G 24-Port Configuration Manual

95

SSL Overview

SSL C
ONFIGURATION
When configuring SSL, go to these sections for information you are interested in:
"SSL Overview" on page 1207
■
"SSL Configuration Task List" on page 1208
■
"Displaying and Maintaining SSL" on page 1211
■
"Troubleshooting SSL" on page 1211
■
Secure Sockets Layer (SSL) is a security protocol providing secure connection
service for TCP-based application layer protocols, for example, HTTP protocol. It is
widely used in E-business and online bank fields to provide secure data
transmission over the Internet.
SSL provides these security services:
Confidentiality: SSL encrypts data using a symmetric encryption algorithm and
■
the key generated during the handshake phase.
Authentication: SSL supports authenticating both the server and the client
■
through certificates, with the authentication of the client being optional.
Reliability: SSL uses key-based message authentication code (MAC) to verify
■
message integrity.
As shown in Figure 357, the SSL protocol consists of two layers of protocols: the
SSL record protocol at the lower layer and the SSL handshake protocol, change
cipher spec protocol, and alert protocol at the upper layer.
Figure 357 SSL protocol stack
Application layer protocol (e.g. HTTP )
SSL handshake protocol
SSL handshake protocol: Responsible for establishing a session between a
■
client and the server. A session consists of a set of parameters such as the
session ID, peer certificate, cipher suite (including key exchange algorithm, data
encryption algorithm and MAC algorithm), compression algorithm, and master
key. An SSL session can be used to establish multiple connections, reducing
session negotiation cost.
SSL change cipher spec protocol
SSL record protocol
TCP
IP
SSL alert protocol