Technical overview, Ssl encryption – Allied Telesis AT-S63 User Manual

Chapter 34: PKI Certificates and SSL

786

Section VIII: Management Security

Technical Overview

This section describes the Secure Sockets Layer (SSL) feature, a security
protocol that provides a secure and private TCP connection between a
client and server.

SSL can be used with many higher layer protocols including HTTP, File
Transfer Protocol (FTP) and Net News Transfer Protocol (NNTP). Most
web browsers and servers support SSL, and its most common deployment
is for secure connections between a client and server over the Internet.

The switch supports SSL versions 2.0 (client hello only) and 3.0 which
were developed by Netscape, and the Internet Engineering Task Force
(IETF) standard for SSL, known as SSL version 3.1 or Transport Layer
Security (TLS).

Within the Ethernet protocol stack, SSL is a Layer 4 protocol that is in
between the HTTP and TCP protocol layers. HTTP communicates with
SSL in the same way as with TCP. In other words, TCP processes SSL
requests like any other protocol requesting its services.

SSL provides a secure connection over which web pages can be
accessed from an HTTP server. The operation of SSL is transparent to the
end user who is accessing a web site with the following exceptions:

ˆ

The site’s URL changes from HTTP to HTTPS.

ˆ

The browser indicates that it is a secured connection by displaying an
icon, such as a padlock icon.

By default, HTTP and HTTPS use the separate well-known ports 80 and
443, respectively. Secure connections over the Internet are important
when transmitting confidential data such as credit card details or
passwords. SSL allows the client to verify the server’s identity before
either side sends any sensitive information. SSL also prevents a third
party from interfering with the message because only trusted devices have
access to the unprotected data.

SSL Encryption

SSL uses encryption to ensure the security of data transmission.
Encryption is a process that uses an algorithm to encode data so it can
only be accessed by a trusted device. An encrypted message remains
confidential.

All application data messages are authenticated by SSL with a message
authentication code (MAC). The MAC is a checksum that is created by the
sender and is sent as part of the encrypted message. The recipient re-
calculates the MAC, and if the values match, the sender’s identity is
verified. The MAC also ensures that the message has not been tampered
with by a third party because any change to the message changes the
MAC.