Encryption key length, Encryption key guidelines, Ssl and enhanced stacking – Allied Telesis AT-S63 User Manual

Page 549

AT-S63 Management Software Menus Interface User’s Guide

Section IV: Security

Encryption Key Length

To create a key pair, you must specify its length. The length is given in
bits. The range is 512 to 1,536 bits, in increments of 256 bits. The default
is 512 bits.

The general rule on key lengths is that the longer the key, the more
difficult it is for someone to break (decipher). So if you are particularly
concerned about the safety of your management sessions, use a longer
key length than the default, although the default will be more than
sufficient.

Creating a key is a very CPU-intensive operation for the switch. The
switch does not stop forwarding packets between the ports, but the
process can impact the CPU’s handling of network events, such as the
processing of spanning tree BPDU packets. This can result in unexpected
and unwanted switch behavior.

A key with the default length should take the switch less than a minute
to create. Longer keys can take up to 15 minutes. Consider this
information when you create a key so that you do not impact the
operations of your network. If you want a longer key, consider creating it
before you connect the switch to the network, or during periods of low
network traffic.

Encryption Key Guidelines

Below are guidelines to observe when creating an encryption key pair:

❑ Web browser encryption requires only one key pair.

❑ SSH encryption requires two key pairs. The two keys must differ in
length by at least one increment (256 bits). The recommended size for
the server key is 768 bits and the recommended size for the host key
is 1024 bits.

❑ An AT-9400 Series switch can only use those key pairs it has
generated itself. The switch cannot use a key created on another
system and imported onto the switch.

❑ The AT-S63 management software does not allow you to copy or
export a private key from a switch. However, you can export a
public key.

❑ The AT-S63 management software uses the RSA public key
algorithm.

❑ Web browser and SSH encryption can share a key pair.
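
The length rules above can be checked against public keys exported from a switch. The following is an added example, not code from the manual or from Allied Telesis: it reads the RSA modulus size from a public key and tests a server/host pair against the guidelines. It assumes the exported key is in the one-line OpenSSH "ssh-rsa <base64>" format, which this page does not state; the function names and the sample keys are constructed for illustration.

```python
import base64
import struct

# Lengths the manual allows: 512 to 1,536 bits in 256-bit increments.
VALID_LENGTHS = range(512, 1537, 256)

def _field(blob, off):
    """Read one length-prefixed field (uint32 length + bytes) from an SSH key blob."""
    if off + 4 > len(blob):
        raise ValueError("truncated key blob")
    (size,) = struct.unpack_from(">I", blob, off)
    end = off + 4 + size
    if end > len(blob):
        raise ValueError("truncated key blob")
    return blob[off + 4:end], end

def rsa_bits(pubkey_line):
    """Return the RSA modulus size in bits of an 'ssh-rsa <base64>' line."""
    parts = pubkey_line.split()
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    alg, off = _field(blob, 0)
    if alg != b"ssh-rsa":
        raise ValueError("algorithm field is not ssh-rsa")
    _exponent, off = _field(blob, off)
    modulus, _ = _field(blob, off)
    return int.from_bytes(modulus, "big").bit_length()

def check_ssh_pair(server_bits, host_bits):
    """List violations of the manual's SSH key-pair guidelines (empty = OK)."""
    problems = []
    for name, bits in (("server", server_bits), ("host", host_bits)):
        if bits not in VALID_LENGTHS:
            problems.append(f"{name} key: {bits} bits is not a supported length")
    if abs(server_bits - host_bits) < 256:
        problems.append("server and host keys must differ by at least 256 bits")
    return problems

def sample_key(bits):
    """Constructed test input: a well-formed blob with a dummy modulus, not a real key."""
    pack = lambda b: struct.pack(">I", len(b)) + b
    n = ((1 << (bits - 1)) | 1).to_bytes(bits // 8 + 1, "big")
    blob = pack(b"ssh-rsa") + pack((65537).to_bytes(3, "big")) + pack(n)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-sample"

if __name__ == "__main__":
    server, host = rsa_bits(sample_key(768)), rsa_bits(sample_key(1024))
    print(server, host, check_ssh_pair(server, host))
```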

SSL and Enhanced Stacking

Secure Sockets Layer (SSL) is supported in an enhanced stack, but only
when all switches in the stack are using the feature.

When a switch’s web server is operating in HTTP, management packets
are transmitted in plaintext. When it operates in HTTPS, management
