Chapter 46 ssl configuration, 1 introduction to ssl, 1 basic element of ssl – QTECH QSW-3400 Инструкция по настройке User Manual

+7(495) 797-3311 www.qtech.ru
Москва, Новозаводская ул., 18, стр. 1

360

Chapter 46 SSL Configuration

46.1 Introduction to SSL

As the computer networking technology spreads, the security of the network has been taking

more and more important impact on the availability and the usability of the networking

application. The network security has become one of the greatest barriers of modern

networking applications.

To protect sensitive data transferred through Web, Netscape introduced the Secure Socket

Layer

– SSL protocol, for its Web browser. Up till now, SSL 2.0 and 3.0 has been released.

SSL 2.0 is obsolete because of security problems, and it is not supported on the switches of

Network. The SSL protocol uses the public-key encryption, and has become the industry

standard for secure communication on internet for Web browsing. The Web browser integrates

HTTP and SSL to realize secure communication.

SSL is a safety protocol to protect private data transmission on the Internet. SSL protocols are

designed for secure transmission between the client and the server, and authentication both at

the server sides and optional client. SSL protocols must build on reliable transport layer (such

as TCP). SSL protocols are independent for application layer. Some protocols such as HTTP,

FTP, TELNET and so on, can build on SSL protocols transparently. The SSL protocol

negotiates for the encryption algorithm, the encryption key and the server authentication

before data is transmitted. Ever since the negotiation is done, all the data being transferred will

be encrypted.

Via above introduction, the security channel is provided by SSL protocols have below three

characteristics:



Privacy. First they encrypt the suite through negotiation, then all the messages be

encrypted.



Affirmation. Though the client authentication of the conversational is optional, but the

server is always authenticated.



Reliability. The message integrality inspect is included in the sending message (use

MAC).

46.1.1 Basic Element of SSL

The basic strategy of SSL provides a safety channel for random application data forwarding

between two communication programs. In theory, SSL connect is similar with encrypt TCP

connect. The position of SSL protocol is under application layer and on the TCP. If the

mechanism of the data forwarding in the lower layer is reliable, the data read-in the network