Fips Compliance; Ssl Configuration Task List; Configuring An Ssl Server Policy - HP 5920 Series Configuration Manual

Figure 103 SSL protocol stack
The following describes the major functions of SSL protocols:
SSL record protocol—Fragments data received from the upper layer, computes and adds MAC to
•
the data, and encrypts the data.
• SSL handshake protocol—Negotiates the cipher suite used for secure communication (including the
symmetric encryption algorithm, key exchange algorithm, and MAC algorithm), authenticates the
server and client, and securely exchanges the key between the server and client.
SSL change cipher spec protocol—Notifies the receiving party that the subsequent packets are to be
•
protected and transmitted based on the newly negotiated cipher suite and key.
• SSL alert protocol—Sends alert messages to the receiving party. An alert message contains the alert
severity level and a description.

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see

SSL configuration task list

Tasks at a glance

Configuring an SSL server policy

Configuring an SSL client policy
Configuring an SSL server policy
An SSL server policy is a set of SSL parameters used by the SSL server. An SSL server policy takes effect
only after it is associated with an application such as HTTPS.
NOTE:
SSL versions include SSL 2.0, SSL 3.0, and TLS 1.0 (or SSL 3.1). When the device acts as the SSL server,
•
it can communicate with clients running SSL 3.0 or TLS 1.0 by default. When the server receives an SSL
2.0 Client Hello message from a client that supports both SSL 2.0 and SSL 3.0/TLS 1.0, it notifies the
client to use SSL 3.0 or TLS 1.0 for communication.
You can disable SSL 3.0 on the device to ehance system security.
•
To configure an SSL server policy:
"Configuring
Remarks
Perform this configuration task on the SSL server.
Perform this configuration task on the SSL client.
310
FIPS") and non-FIPS mode.