Chapter 53 SSL Configuration; Basic Element of SSL - Planet XGS3-42000R User Manual

4-slot Layer 3 IPv6/IPv4 routing chassis switch

53.1 Introduction to SSL
As computer networking technology spreads, network security has an increasingly important impact on the
availability and usability of networking applications. Network security has become one of the greatest
barriers to modern networking applications.
To protect sensitive data transferred through the Web, Netscape introduced the Secure Socket Layer (SSL)
protocol for its Web browser. So far, SSL 2.0 and 3.0 have been released. SSL 2.0 is obsolete because of
security problems, and it is not supported on these switches. The SSL protocol uses public-key
encryption and has become the industry standard for secure communication on the Internet for Web browsing.
The Web browser integrates HTTP and SSL to realize secure communication.
SSL is a security protocol that protects private data transmission on the Internet. SSL protocols are designed for
secure transmission between the client and the server, with authentication of the server and, optionally,
of the client. SSL protocols must be built on a reliable transport layer (such as TCP). SSL protocols are
independent of the application layer. Protocols such as HTTP, FTP, TELNET and so on can be built on SSL
protocols transparently. The SSL protocol negotiates the encryption algorithm, the encryption key and the
server authentication before data is transmitted. Once the negotiation is done, all the data being
transferred is encrypted.
As introduced above, the secure channel provided by SSL protocols has the following three characteristics:
Privacy. The encryption suite is first agreed through negotiation, and then all messages are encrypted.
Affirmation. Although authentication of the client in the conversation is optional, the server is always authenticated.
Reliability. A message integrity check (using a MAC) is included in each message sent.
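The integrity check named in the last item can be made concrete with the SSL 3.0 record MAC. The following Python code is an added example, not taken from the manual or the switch firmware; it follows the MAC construction of the SSL 3.0 specification (RFC 6101) with SHA-1, leaves out the encryption step, and uses a constructed secret and constructed messages.

```python
import hashlib
import hmac
import struct

MAC_LEN = 20                # SHA-1 digest size
PAD1 = b"\x36" * 40         # SSL 3.0 pad_1 for SHA-1 (48 bytes for MD5)
PAD2 = b"\x5c" * 40         # SSL 3.0 pad_2 for SHA-1

def ssl3_mac(secret, seq_num, content_type, fragment):
    """hash(secret + pad_2 + hash(secret + pad_1 + seq_num + type + length + fragment))"""
    header = struct.pack("!QBH", seq_num, content_type, len(fragment))
    inner = hashlib.sha1(secret + PAD1 + header + fragment).digest()
    return hashlib.sha1(secret + PAD2 + inner).digest()

def protect(secret, seq_num, content_type, fragment):
    """Sender side: append the MAC (encryption of the result is omitted here)."""
    return fragment + ssl3_mac(secret, seq_num, content_type, fragment)

def verify(secret, seq_num, content_type, record):
    """Receiver side: return the fragment if the MAC matches, else None."""
    if len(record) < MAC_LEN:
        return None
    fragment, tag = record[:-MAC_LEN], record[-MAC_LEN:]
    expected = ssl3_mac(secret, seq_num, content_type, fragment)
    # Constant-time comparison avoids leaking how many MAC bytes matched.
    return fragment if hmac.compare_digest(tag, expected) else None

def demo():
    secret = b"constructed-mac-write-secret"        # constructed sample value
    app_data = 23                                   # content type: application_data
    rec0 = protect(secret, 0, app_data, b"GET /index.html")    # constructed message
    rec1 = protect(secret, 1, app_data, b"GET /config.html")   # constructed message
    tampered = bytes([rec0[0] ^ 0x01]) + rec0[1:]   # one bit changed in transit
    return {
        "intact": verify(secret, 0, app_data, rec0),
        "tampered": verify(secret, 0, app_data, tampered),
        # rec0 delivered again where the receiver expects sequence number 1
        "replayed": verify(secret, 1, app_data, rec0),
        "in_order": verify(secret, 1, app_data, rec1),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9} -> {result!r}")
```

Because the sequence number is part of the MAC input but is never transmitted, a record that arrives modified, duplicated or out of order fails verification even though its bytes carry a MAC that was valid when it was first sent.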

53.1.1 Basic Element of SSL

The basic strategy of SSL is to provide a secure channel for forwarding arbitrary application data between two
communicating programs. In theory, an SSL connection is similar to an encrypted TCP connection. The SSL
protocol sits below the application layer and above TCP. If the data forwarding mechanism in the lower layer
is reliable, the data written to the network is forwarded to the other program in sequence, and packet loss and
retransmission do not appear. Many transport protocols can provide this kind of service in theory, but in
practice SSL almost always runs on TCP, and does not run on UDP or IP directly.
When the web function is running on the switch and a client visits the switch's web site through an Internet browser, the
SSL function can be used. Communication between the client and the switch through an SSL connection improves
security.
First, SSL should be enabled on the switch. When the client tries to access the switch through the https method,
an SSL session will be set up between the switch and the client. When the SSL session has been set up, all the
