The SSL protocol includes two sub-protocols: the SSL record protocol and the SSL
handshake protocol. The SSL record protocol defines the format used to transmit data. The
SSL handshake protocol involves using the SSL record protocol to exchange a series of
messages between an SSL-enabled server and an SSL-enabled client when they first
establish an SSL connection. This exchange of messages is designed to facilitate the
following actions:
• Authenticate the server to the client.
• Allow the client and server to select the cryptographic algorithms, or ciphers, that they
both support.
• Optionally authenticate the client to the server.
• Use public-key encryption techniques to generate shared secrets.
• Establish an encrypted SSL connection.
For more information about the handshake process, see "The SSL Handshake," which
begins on page 805.
Ciphers Used with SSL
The SSL protocol supports the use of a variety of different cryptographic algorithms, or
ciphers, for use in operations such as authenticating the server and client to each other,
transmitting certificates, and establishing session keys. Clients and servers may support
different cipher suites, or sets of ciphers, depending on factors such as the version of SSL
they support, company policies regarding acceptable encryption strength, and government
restrictions on export of SSL-enabled software. Among its other functions, the SSL
handshake protocol determines how the server and client negotiate which cipher suites they
will use to authenticate each other, to transmit certificates, and to establish session keys.
Key-exchange algorithms like KEA and RSA key exchange govern the way in which the
server and client determine the symmetric keys they will both use during an SSL session.
The most commonly used SSL cipher suites use RSA key exchange.
The SSL 2.0 and SSL 3.0 protocols support overlapping sets of cipher suites.
Administrators can enable or disable any of the supported cipher suites for both clients and
servers. When a particular client and server exchange information during the SSL
handshake, they identify the strongest enabled cipher suites they have in common and use
those for the SSL session.
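The negotiation rule just described (each side has a set of enabled suites; the strongest suite in common is used, and the handshake cannot proceed when there is none) can be modelled in a few lines. The following Python is an added example, not code from the manual or from Certificate System: the suite catalogue, its strength ranking by symmetric key length, and the policy helper are all constructed for illustration.

```python
from dataclasses import dataclass
from typing import Iterable, List, Sequence


@dataclass(frozen=True)
class CipherSuite:
    """One entry in the suite catalogue (constructed for this example)."""
    name: str
    key_exchange: str   # key-exchange algorithm, e.g. "RSA"
    cipher: str         # symmetric bulk cipher
    key_bits: int       # symmetric key length; the strength ranking used here


# Constructed catalogue: the names follow the SSL naming style, but the set
# of suites and their ranking are assumptions, not a list from the manual.
CATALOGUE = {
    s.name: s
    for s in (
        CipherSuite("RSA_WITH_NULL_MD5", "RSA", "none", 0),
        CipherSuite("RSA_EXPORT_WITH_RC4_40_MD5", "RSA", "RC4", 40),
        CipherSuite("RSA_WITH_DES_CBC_SHA", "RSA", "DES", 56),
        CipherSuite("RSA_WITH_RC4_128_SHA", "RSA", "RC4", 128),
        CipherSuite("RSA_WITH_3DES_EDE_CBC_SHA", "RSA", "3DES", 168),
    )
}


class HandshakeFailure(Exception):
    """Raised when client and server enable no cipher suite in common."""


def enabled_under_policy(min_key_bits: int) -> List[str]:
    """Administrator policy: enable only suites of at least min_key_bits.

    Models the 'enable or disable any of the supported cipher suites'
    decision, here driven by a minimum symmetric key length.
    """
    return [n for n, s in CATALOGUE.items() if s.key_bits >= min_key_bits]


def negotiate(client_enabled: Sequence[str], server_enabled: Iterable[str]) -> str:
    """Return the strongest suite both sides have enabled.

    Strength is the catalogue's key_bits. On a tie the suite the client
    lists first wins, because max() keeps the first maximum it meets.
    """
    server_set = set(server_enabled)
    common = [n for n in client_enabled if n in server_set]
    if not common:
        raise HandshakeFailure("no cipher suite in common; handshake aborted")
    return max(common, key=lambda n: CATALOGUE[n].key_bits)


def handshake_succeeds(client_enabled: Sequence[str], server_enabled: Iterable[str]) -> bool:
    """True if the two enabled sets overlap, False if negotiation would fail."""
    try:
        negotiate(client_enabled, server_enabled)
        return True
    except HandshakeFailure:
        return False


if __name__ == "__main__":
    # An export-restricted client against a server that requires 128-bit keys:
    client = enabled_under_policy(0)       # everything in the catalogue
    server = enabled_under_policy(128)     # server policy: 128 bits or better
    print("negotiated:", negotiate(client, server))
    # A client limited to 40-bit export suites cannot talk to that server.
    print("export-only client succeeds:",
          handshake_succeeds(["RSA_EXPORT_WITH_RC4_40_MD5"], server))
```

Ranking by key length alone is a simplification: real implementations also weigh the key-exchange method and MAC, and a policy that leaves a weak suite enabled on either side only matters if the peer also enables it, which is why the text stresses that both clients and servers are configured.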
Decisions about which cipher suites a particular organization decides to enable depend on
trade-offs among the sensitivity of the data involved, the speed of the cipher, and the
applicability of export rules.
Appendix K    Introduction to SSL    801