1-1
1
SSL Configuration
When configuring SSL, go to these sections for information you are interested in:
z
SSL Overview
z
SSL Configuration Task List
z
Displaying and Maintaining SSL
z
Troubleshooting SSL
SSL Overview
Secure Sockets Layer (SSL) is a security protocol providing secure connection service for TCP-based
application layer protocols, for example, HTTP protocol. It is widely used in E-business and online bank
fields to provide secure data transmission over the Internet.
SSL Security Mechanism
SSL provides these security services:
z
Confidentiality: SSL uses a symmetric encryption algorithm to encrypt data and uses the
asymmetric key algorithm of Rivest, Shamir, and Adelman (RSA) to encrypt the key to be used by
the symmetric encryption algorithm.
z
Authentication: SSL supports certificate-based identity authentication of the server and client by
using the digital signatures. The SSL server and client obtain certificates from a certificate authority
(CA) through the Public Key Infrastructure (PKI).
z
Reliability: SSL uses the key-based message authentication code (MAC) to verify message
integrity. A MAC algorithm transforms a message of any length to a fixed-length message.
Figure
1-1
illustrates how SSL uses a MAC algorithm to verify message integrity. With the key, the sender
uses the MAC algorithm to compute the MAC value of a message. Then, the sender suffixes the
MAC value to the message and sends the result to the receiver. The receiver uses the same key
and MAC algorithm to compute the MAC value of the received message, and compares the locally
computed MAC value with that received. If the two matches, the receiver considers the message
intact; otherwise, the receiver considers that the message has been tampered with in transit and
discards the message.
Figure 1-1
Message integrity verification by a MAC algorithm
Key
Message
Sender
Message
Send to
the
receiver
MAC
Key
Receiver
Compare
Message
Compute
the MAC
Compute
the MAC
MAC
MAC