Configuring Ssl; Ssl Security Mechanism - HP A6600 Configuration Manual

Configuring SSL

This feature is available only on centralized routers.
SSL is a security protocol that provides secure connection services for TCP-based application layer
protocols such as HTTP. It is widely used in e-business and online bank fields to ensure secure data
transmission over the Internet.

SSL security mechanism

Secure connections provided by SSL have these features:
Confidentiality—SSL uses a symmetric encryption algorithm to encrypt data and uses the
•
asymmetric key algorithm of RSA to encrypt the key to be used by the symmetric encryption
algorithm.
Authentication—SSL supports certificate-based identity authentication of the server and client by
•
using digital signatures. The SSL server and client obtain certificates from a CA through the PKI.
Reliability—SSL uses the key-based MAC to verify message integrity. A MAC algorithm transforms
•
a message of any length to a fixed-length message.
algorithm to verify message integrity. With the key, the sender uses the MAC algorithm to compute
the MAC value of a message. Then, the sender suffixes the MAC value to the message and sends
the result to the receiver. The receiver uses the same key and MAC algorithm to compute the MAC
value of the received message and compares the locally computed MAC value with that received. If
the two match, the receiver considers the message to be intact. Otherwise, the receiver considers
that the message has been tampered with in transit, and it discards the message.
Figure 119 Message integrity verification by a MAC algorithm
NOTE:
For more information about symmetric key algorithms, asymmetric key algorithm RSA, and digital
•
signature, see
For more information about PKI, certificate, and CA, see
•
"Configuring public keys."
Figure 119
"Configuring
340
illustrates how SSL uses a MAC
PKI."