1 ssl configuration, Ssl overview, Ssl security mechanism – H3C Technologies H3C S3100 Series Switches User Manual
Page 1011: Ssl configuration
1-1
1
SSL Configuration
When configuring SSL, go to these sections for information you are interested in:
z
z
z
Displaying and Maintaining SSL
z
SSL Overview
Secure Sockets Layer (SSL) is a security protocol providing secure connection service for TCP-based
application layer protocols, for example, HTTP protocol. It is widely used in E-business and online bank
fields to provide secure data transmission over the Internet.
SSL Security Mechanism
SSL provides these security services:
z
Confidentiality: SSL uses a symmetric encryption algorithm to encrypt data and uses the Rivest,
Shamir, and Adelman (RSA) algorithm to encrypt the key to be used by the symmetric encryption
algorithm.
z
Authentication: SSL supports certificate-based authentication of the server and the client by using
the digital signatures, with the authentication of the client being optional. The SSL server and client
obtain certificates from a certificate authority (CA) through the Public Key Infrastructure (PKI).
z
Reliability: SSL uses the key-based message authentication code (MAC) to verify message
integrity. A MAC algorithm transforms a message of any length to a fixed-length message.
illustrates how SSL uses a MAC algorithm to verify message integrity. With the key, the sender
uses the MAC algorithm to compute the MAC value of a message. Then, the sender suffixes the
MAC value to the message and sends the result to the receiver. The receiver uses the same key
and MAC algorithm to compute the MAC value of the received message, and compares the locally
computed MAC value with that received. If the two matches, the receiver considers the message
intact; otherwise, the receiver considers the message tampered and discards the message.
Figure 1-1 Message integrity verification by a MAC algorithm