Red Hat DIRECTORY SERVER 8.1 - USING CONSOLE 4-28-2008 Using Instruction page 66

Chapter 6. Using SSL/TLS with Red Hat Console
• A list of acceptable cipher suites
• A list of acceptable compression methods
• A randomly-generated number
2. The server responds to the client:
• The chosen TLS/SSL version (this is the highest version in common with both the server and client)
• The selected cipher suite (the most secure version the server and client have in common)
• The selected compression method (the most secure version the server and client have in common)
• A randomly-generated number of its own
3. The server then sends its certificate. The server and client will use the public key in the certificate to decrypt messages once the handshake ends and the secure session is established.
4. The client verifies the identity of the server using the information in the server certificate:
• The validity period (the expiration date of the server certificate)
• Whether the client possesses a copy of the CA certificate for the authority which issued the server's certificate (whether the certificate was issued by a trusted CA)
• Verifying the digital signature of the issuing CA for the server certificate
• Whether the domain name for the server in the certificate subject name matches the actual domain name of the server
5. Depending on the cipher suite being used, the client sends the server key material to use to generate session keys to encrypt data. This key material can be a public key or a master key secret which is used to derive the encryption keys.
6. Using the key material sent by the client, the randomly-generated numbers from the client and server, and the selected cipher, the server and client independently derive the same encryption keys.
7. The client sends a notification to the server that all subsequent messages from it will be encrypted. It also sends a hash and a message authentication key which are wrapped in the client's encryption key.
8. The server successfully decrypts the client's message using its derived encryption keys.
9. The server then sends a hash and a MAC key to the client, wrapped in the server's encryption key.
10. The client successfully decrypts the server's message using its derived encryption keys.
11. The TLS handshake closes, and the secure channel opens between the server and the client.
The Red Hat Console can be configured to use SSL/TLS by enabling SSL for the Console in the Red Hat Directory Server.
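The following is an added example, not code from Red Hat Directory Server or the Console, showing the key-derivation and verification part of the handshake (steps 5 through 10 above) in concrete terms. It reimplements the TLS 1.2 pseudo-random function from RFC 5246 using only the Python standard library: the two randomly-generated numbers exchanged in steps 1 and 2 and the client's key material from step 5 are combined into a master secret, that secret is expanded into per-direction MAC keys, cipher keys and IVs (step 6), and each side's Finished message carries a value that the peer recomputes to confirm both derived the same keys (steps 7 through 10). The sample handshake values, the key sizes (AES-128 with HMAC-SHA256) and the handshake transcript are constructed here for illustration; in a real session they come from the negotiated cipher suite and the messages on the wire.

```python
import hashlib
import hmac
import os

# Added example: standard-library reimplementation of the TLS 1.2 PRF
# (RFC 5246, section 5). Not code from Red Hat Directory Server or the Console.


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data expansion: A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """Step 6: both sides derive the same 48-byte master secret from the
    client's key material (step 5) and the two randoms (steps 1 and 2)."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


# Constructed key layout for AES-128-CBC with HMAC-SHA256 (sizes are an assumption).
KEY_LAYOUT = (("client_mac", 32), ("server_mac", 32),
              ("client_key", 16), ("server_key", 16),
              ("client_iv", 16), ("server_iv", 16))


def key_block(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """Expand the master secret into per-direction MAC keys, cipher keys and IVs.
    Note the seed order is server_random + client_random here (RFC 5246, 6.3)."""
    total = sum(size for _, size in KEY_LAYOUT)
    block = prf(master, b"key expansion", server_random + client_random, total)
    keys, pos = {}, 0
    for name, size in KEY_LAYOUT:
        keys[name] = block[pos:pos + size]
        pos += size
    return keys


def finished_verify_data(master: bytes, label: bytes, transcript: bytes) -> bytes:
    """Steps 7-10: a Finished message carries 12 bytes of
    PRF(master, "client finished" or "server finished", SHA256(handshake messages))."""
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)


def derive_side(pre_master: bytes, client_random: bytes, server_random: bytes,
                transcript: bytes) -> dict:
    """Everything one endpoint computes from its own view of the handshake."""
    master = master_secret(pre_master, client_random, server_random)
    return {
        "keys": key_block(master, client_random, server_random),
        "client_finished": finished_verify_data(master, b"client finished", transcript),
        "server_finished": finished_verify_data(master, b"server finished", transcript),
    }


def finished_matches(received: bytes, expected: bytes) -> bool:
    """Constant-time check of a received Finished value (steps 8 and 10)."""
    return hmac.compare_digest(received, expected)


def demo() -> bool:
    # Constructed sample handshake values; in TLS these come from the wire.
    client_random = os.urandom(32)
    server_random = os.urandom(32)
    pre_master = b"\x03\x03" + os.urandom(46)   # TLS 1.2 RSA pre-master secret layout
    transcript = b"ClientHello" + client_random + b"ServerHello" + server_random

    client = derive_side(pre_master, client_random, server_random, transcript)
    server = derive_side(pre_master, client_random, server_random, transcript)
    same_keys = client["keys"] == server["keys"]
    accepted = finished_matches(client["client_finished"], server["client_finished"])

    # A peer holding different key material derives different keys, so its
    # Finished value fails the check at step 8 and the handshake does not complete.
    other = derive_side(b"\x03\x03" + os.urandom(46), client_random, server_random, transcript)
    rejected = not finished_matches(other["client_finished"], server["client_finished"])
    return same_keys and accepted and rejected


if __name__ == "__main__":
    print("keys agree and Finished check behaves as expected:", demo())
```

The Finished check is the practical point of steps 7 through 10: because each side's verify_data is keyed by the master secret and bound to a hash of every handshake message seen so far, any disagreement about the randoms, the key material or the negotiated parameters produces a mismatch at step 8 or 10 rather than a session silently encrypted under different keys.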
58
