For details about symmetric key algorithms, asymmetric key algorithm RSA and digital signature,
refer to Public Key Configuration in the Security Volume.
For details about PKI, certificate, and CA, refer to PKI Configuration in the Security Volume.
SSL Protocol Stack
As shown in
the lower layer and the SSL handshake protocol, change cipher spec protocol, and alert protocol at the
Figure 1-2 SSL protocol stack
SSL handshake protocol: As a very important part of the SSL protocol stack, it is responsible for
negotiating the cipher suite to be used during communication (including the symmetric encryption
algorithm, key exchange algorithm, and MAC algorithm), exchanging the key between the server
and client, and implementing identity authentication of the server and client. Through the SSL
handshake protocol, a session is established between a client and the server. A session consists of
a set of parameters, including the session ID, peer certificate, cipher suite, and master secret.
SSL change cipher spec protocol: Used for notification between a client and the server that the
subsequent packets are to be protected and transmitted based on the newly negotiated cipher
suite and key.
SSL alert protocol: Allowing a client and the server to send alert messages to each other. An alert
message contains the alert severity level and a description.
SSL record protocol: Fragmenting and compressing data to be transmitted, calculating and adding
MAC to the data, and encrypting the data before transmitting it to the peer end.
SSL Configuration Task List
Different parameters are required on the SSL server and the SSL client.
Complete the following tasks to configure SSL:
Configuring an SSL Server Policy
Configuring an SSL Client Policy
1-2, the SSL protocol consists of two layers of protocols: the SSL record protocol at