SENA SS800 User Manual

Page 58


algorithm is used to encrypt the bulk of data transmitted across the SSL/TLS connection. The hash algorithm is used to protect transmitted data against modification during transmission. The length of the keys used in both the symmetric and asymmetric algorithms must also be specified.

When a client makes an SSL/TLS connection to a server, it sends a list of the cipher suites that it is capable of and willing to use. The server compares this list with its own supported cipher suites and chooses the first cipher suite proposed by the client that it is capable of and willing to use. Both the client and server then use this cipher suite to secure the connection.

Choice of cipher suite(s) depends on the environment and security requirements. The RSA-based cipher suites are the most widely used and may also give some advantages in terms of speed.

The Super Series supports various cipher suites; the user selects which ones are offered by enabling or disabling each cipher suite individually.
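The following is an added example, not code from the SENA manual or from the Super Series firmware. It models the two things the text above describes: the three components that make up a cipher suite (key exchange, bulk cipher, hash), parsed from IANA-style suite names, and the selection rule the manual gives (the server takes the first suite the client proposes that the server supports and has enabled). The suite names and the enabled/disabled table are constructed sample data.

```python
# Added example: a simplified model of cipher-suite naming and of the
# negotiation rule described in the manual.  Not the device's own code.
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class CipherSuite:
    """The three components the manual lists for a cipher suite."""
    name: str
    key_exchange: str   # asymmetric algorithm that agrees the session key
    bulk_cipher: str    # symmetric algorithm that encrypts the data
    mac: str            # hash algorithm that protects data against modification


def parse_suite(name: str) -> CipherSuite:
    """Split an IANA-style TLS 1.2-era name such as TLS_RSA_WITH_AES_128_CBC_SHA.

    TLS 1.3 names (e.g. TLS_AES_128_GCM_SHA256) carry no key-exchange part and
    no '_WITH_', so they are rejected here rather than mis-parsed.
    """
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.2-style cipher suite name: {name}")
    kx, rest = name[len("TLS_"):].split("_WITH_", 1)
    # The hash is the last token; everything before it names the bulk cipher,
    # e.g. "AES_128_CBC" + "SHA" or "AES_128_GCM" + "SHA256".
    cipher, _, mac = rest.rpartition("_")
    if not cipher or not mac:
        raise ValueError(f"cannot split bulk cipher and hash in: {name}")
    return CipherSuite(name, kx, cipher, mac)


# Constructed sample of a server's enable/disable table, in the spirit of the
# per-suite enable/disable setting the manual describes.
SERVER_ENABLED: dict[str, bool] = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": True,
    "TLS_RSA_WITH_AES_256_CBC_SHA": True,
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256": True,
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA": False,   # disabled by the administrator
}


def negotiate(client_offer: list[str],
              server_enabled: dict[str, bool]) -> Optional[CipherSuite]:
    """Server side of the rule in the manual: pick the first suite the client
    proposes that the server both supports and has enabled.

    Returns None when no common enabled suite exists, which in a real
    handshake means the connection fails with a handshake alert.
    """
    for name in client_offer:
        if server_enabled.get(name, False):
            return parse_suite(name)
    return None


if __name__ == "__main__":
    # Constructed client offer: its first choice is disabled on the server.
    offer = ["TLS_RSA_WITH_3DES_EDE_CBC_SHA",
             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
             "TLS_RSA_WITH_AES_128_CBC_SHA"]
    print(negotiate(offer, SERVER_ENABLED))
```

Because the rule follows the client's preference order, disabling a suite on the server is the only lever the administrator has in this model; the client's ordering alone cannot force a suite the server has switched off.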

Verify client (server mode only)

If the user sets the Verify client option to Yes, the Super Series requests the client's certificate during the SSL handshake (Step 2). If the option is set to No, the Super Series does not request the client's certificate during the SSL handshake (Step 2).

Verify certificate chain depth

A certificate chain is a sequence of certificates in which each certificate is signed by the next one in the chain. The purpose of a certificate chain is to establish a chain of trust from the peer's own certificate up to a trusted CA certificate. The CA vouches for the identity in the peer certificate by signing it. If the CA is one the user trusts (indicated by the presence of a copy of the CA certificate in the user's root certificate directory), the signed peer certificate can be trusted as well. In the Super Series, the user can limit the certificate chain depth so that the Super Series does not search a certificate chain indefinitely for a trusted CA certificate.

Check the certificate CN

If the user sets the Check the certificate CN option to Yes, the Super Series checks whether the host name matches the Common Name (CN) in the certificate; if they do not match, the Super Series closes the connection to the remote host. If the option is set to No, the Super Series does not check whether the host name matches the Common Name (CN) in the certificate.

The Super Series checks the Common Name (CN) only when it acts as an SSL/TLS client.
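The following is an added example, not code from the SENA manual or from the Super Series firmware. It models the two client-side checks described in the sections above: walking a certificate chain toward a trusted CA under a depth limit, and comparing the connected host name with the certificate CN. Certificates are plain dictionaries constructed for the illustration and only record subject and issuer; real validation also verifies signatures, validity periods and revocation, which this model leaves out. The wildcard handling in `check_cn` (a leading `*.` matching one DNS label) is a common convention that goes beyond what the manual states.

```python
# Added example: simplified model of "Verify certificate chain depth" and
# "Check the certificate CN" as a TLS client would apply them.  Not the
# device's own code; certificates here are constructed stand-ins.
from __future__ import annotations

# Constructed sample certificates.  `issuer` names the certificate that
# signed this one; a self-signed certificate has issuer == subject.
ROOT_CA = {"subject": "Example Root CA", "issuer": "Example Root CA"}
INTERMEDIATE = {"subject": "Example Issuing CA", "issuer": "Example Root CA"}
SERVER_CERT = {"subject": "console.example.net", "issuer": "Example Issuing CA"}

# The client's root certificate directory, keyed by subject.
TRUST_STORE = {ROOT_CA["subject"]: ROOT_CA}


def verify_chain(chain: list[dict], trusted: dict[str, dict],
                 max_depth: int) -> tuple[bool, str]:
    """Walk from the peer certificate (chain[0]) to each issuer in turn.

    Succeeds as soon as an issuer is found in the trust store.  Fails when
    `max_depth` issuer hops have been made without reaching a trusted CA,
    which is what bounds the search the manual warns could otherwise run
    indefinitely (e.g. a chain that loops back on itself).
    """
    by_subject = {c["subject"]: c for c in chain}
    current = chain[0]
    depth = 0
    while True:
        issuer = current["issuer"]
        if issuer in trusted:
            return True, f"trusted CA '{issuer}' reached at depth {depth}"
        if depth >= max_depth:
            return False, f"chain exceeds verify depth {max_depth}"
        nxt = by_subject.get(issuer)
        if nxt is None or nxt is current:
            # Issuer not supplied by the peer, or an untrusted self-signed cert.
            return False, f"issuer '{issuer}' is neither trusted nor in the chain"
        current = nxt
        depth += 1


def check_cn(hostname: str, cn: str) -> bool:
    """Compare the host the client connected to with the certificate CN.

    Matching is case-insensitive on DNS labels.  A CN of the form
    "*.example.net" matches exactly one label in place of the asterisk and
    must have at least two further labels, so "*.net" never matches.
    """
    host = hostname.lower().rstrip(".").split(".")
    name = cn.lower().rstrip(".").split(".")
    if len(host) != len(name):
        return False
    if name[0] == "*":
        return len(name) > 2 and host[1:] == name[1:]
    return host == name


def client_accepts(hostname: str, chain: list[dict], trusted: dict[str, dict],
                   max_depth: int, check_cn_enabled: bool) -> tuple[bool, str]:
    """Combine both checks the way the manual's client-mode options suggest:
    the chain must verify, and if CN checking is enabled the CN must match
    the host name or the connection is closed."""
    ok, reason = verify_chain(chain, trusted, max_depth)
    if not ok:
        return False, reason
    if check_cn_enabled and not check_cn(hostname, chain[0]["subject"]):
        return False, f"CN '{chain[0]['subject']}' does not match '{hostname}'"
    return True, "accepted"


if __name__ == "__main__":
    chain = [SERVER_CERT, INTERMEDIATE]
    print(client_accepts("console.example.net", chain, TRUST_STORE, 1, True))
    print(client_accepts("console.example.net", chain, TRUST_STORE, 0, True))
```

With the constructed chain, a depth of 1 is enough because one hop (peer to intermediate) reaches a certificate issued by the trusted root; a depth of 0 rejects the same chain, which is the trade-off an administrator makes when lowering the setting.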
