Using Certificates in HTTPS Clusters
Choosing the Cipher Suite for an HTTPS Cluster Connection
The cipher suite parameter for an HTTPS cluster lists all of the ciphers that can be negotiated
between Equalizer and an incoming client attempting to connect to an HTTPS cluster. Similarly,
the client application will have its own list of ciphers that it supports. The client and Equalizer need
to go through a process of negotiating the cipher that will be used for the client connection -- if
they cannot find a match, the connection will fail. The process of negotiating a cipher for a client
connection is as follows:
1. During the SSL handshake phase of the connection, the client sends Equalizer a list of the
ciphers it supports.
2. Equalizer examines the client cipher list in the order it is specified, chooses the first cipher
that matches a cipher specified in the cluster’s Cipher Suite parameter, and responds to the
client. If none of the ciphers offered by the client are in the Cipher Suite list for the cluster,
the SSL handshake fails.
It is therefore vital that you ensure that there is at least one match between the list of ciphers
supported by clients connecting to an HTTPS cluster and the Cipher Suite list for the cluster.
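The selection rule in steps 1 and 2 can be modeled to check a planned Cipher Suite list against the clients you expect before changing the cluster. This is an added example, not code from the Equalizer documentation or firmware; the cipher names, client lists, the FLAGGED set and the function names are constructed assumptions.

```python
# Added example: models the selection rule described in steps 1-2 above.
# Not vendor code; all names and sample data below are constructed.

def negotiate(client_ciphers, cluster_suite):
    """Return the first cipher, in the client's order, that is also in the
    cluster's Cipher Suite list, or None when the handshake would fail."""
    allowed = set(cluster_suite)
    for cipher in client_ciphers:  # the client's order decides (step 2)
        if cipher in allowed:
            return cipher
    return None


def audit(clients, cluster_suite, flagged=()):
    """Map each client name to (chosen cipher or None, status string)."""
    report = {}
    for name, offered in clients.items():
        chosen = negotiate(offered, cluster_suite)
        if chosen is None:
            status = "handshake fails"
        elif chosen in flagged:
            status = "connects with flagged cipher"
        else:
            status = "ok"
        report[name] = (chosen, status)
    return report


# Constructed sample: a planned Cipher Suite list for one cluster.
CLUSTER_SUITE = ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA", "RC4-SHA"]
# Ciphers the operator wants to phase out (assumption for this example).
FLAGGED = {"RC4-SHA", "DES-CBC3-SHA"}
# Constructed client cipher lists, each in the client's own preference order.
CLIENTS = {
    "modern-browser": ["ECDHE-RSA-AES128-GCM-SHA256", "AES128-SHA"],
    "legacy-app": ["RC4-SHA", "AES128-SHA"],
    "embedded-device": ["DES-CBC3-SHA"],
}

if __name__ == "__main__":
    for name, (chosen, status) in audit(CLIENTS, CLUSTER_SUITE, FLAGGED).items():
        print(f"{name:16} {chosen or '-':30} {status}")
```

Because the client's order decides, legacy-app ends up on RC4-SHA even though the cluster list names AES128-SHA first; in this model only removing RC4-SHA from the cluster list moves that client to AES128-SHA. embedded-device has no match and its handshake fails.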
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.