Table of Contents
Advertisement
Setting Security Preferences
Setting Security Preferences
Once you have a certificate, you can begin securing your server. Several security
elements are provided by Enterprise Server.
Encryption is the process of transforming information so it is unintelligible to
anyone but the intended recipient. Decryption is the process of transforming
encrypted information so that it is intelligible again. Enterprise Server 6.1 includes
supports SSL and TLS encryption protocols.
A cipher is a cryptographic algorithm (a mathematical function), used for
encryption or decryption. SSL and TLS protocols contain numerous cipher suites.
Some ciphers are stronger and more secure than others. Generally speaking, the
more bits a cipher uses, the harder it is to decrypt the data.
In any two-way encryption process, both parties must use the same ciphers.
Because a number of ciphers are available, you need to enable your server for those
most commonly used.
During a secure connection, the client and the server agree to use the strongest
cipher they can both have for communication. You can choose ciphers from the
SSL2, SSL3, and TLS protocols.
NOTE
The encryption process alone isn't enough to secure your server's confidential
information. A key must be used with the encrypting cipher to produce the actual
encrypted result, or to decrypt previously encrypted information. The encryption
process uses two keys to achieve this result: a public key and a private key.
Information encrypted with a public key can be decrypted only with the associated
private key. The public key is published as part of a certificate; only the associated
private key is safeguarded.
To specify which ciphers your server can use, check them in the list. Unless you
have a compelling reason not to use a specific cipher, you should check them all.
However, you may not wish to enabling ciphers with less than optimal encryption.
CAUTION
108
Netscape Enterprise Server Administrator's Guide • April 2002 (Draft)
Improvements to security and performance were made after SSL
version 2.0; you should not use SSL 2 unless you have clients that
are not capable of using SSL 3. Client certificates are not guaranteed
to work with SSL 2 ciphers.
Do not select No Encryption, only MD5 message authentication. If
no other ciphers are available on the client side, the server will
default to this setting and no encryption will occur.
Advertisement
Table of Contents
Need help?
Do you have a question about the NETSCAPE ENTREPRISE SERVER 6.1 - 04-2002 ADMINISTRATOR and is the answer not in the manual?
Questions and answers