MNS-BB
Software User Guide
-29-
The SSL protocol is a security protocol that provides communications privacy over the Internet. The
protocol allows client/server applications to communicate in a way that is designed to prevent
eavesdropping, tampering, or message forgery.
The primary goal of the SSL protocol is to provide privacy and reliability between two
communicating applications. SSL is provided as a library that extends the current embedded web server
with encryption and decryption, thereby upgrading it to HTTPS.
The Transmission Control Protocol/Internet Protocol (TCP/IP) governs the transport and routing of
data over the Internet. Other protocols, such as the HyperText Transfer Protocol (HTTP), the Lightweight
Directory Access Protocol (LDAP) or the Internet Message Access Protocol (IMAP), run "on top of" TCP/IP
in the sense that they all use TCP/IP to support typical application tasks such as displaying web pages
or running email servers.
[Figure: SSL runs above TCP/IP and below high-level application protocols]
The SSL protocol runs above TCP/IP and below higher-level protocols such as HTTP or IMAP. It
uses TCP/IP on behalf of the higher-level protocols, and in the process allows an SSL-enabled server
to authenticate itself to an SSL-enabled client, allows the client to authenticate itself to the server,
and allows both machines to establish an encrypted connection.
These capabilities address fundamental concerns about communication over the Internet and other
TCP/IP networks:
• SSL server authentication allows a user to confirm a server's identity. SSL-enabled client
software can use standard techniques of public-key cryptography to check that a server's
certificate and public ID are valid and have been issued by a certificate authority (CA) listed
in the client's list of trusted CAs.
• SSL client authentication allows a server to confirm a user's identity. Using the same
techniques as those used for server authentication, SSL-enabled server software can check
that a client's certificate and public ID are valid and have been issued by a certificate
authority (CA) listed in the server's list of trusted CAs.
• An encrypted SSL connection requires all information sent between a client and a server to
be encrypted by the sending software and decrypted by the receiving software, thus
providing a high degree of confidentiality. Confidentiality is important for both parties to
any private transaction. In addition, all data sent over an encrypted SSL connection is
protected with a mechanism for detecting tampering, that is, for automatically determining
whether the data has been altered in transit.
The SSL protocol includes two sub-protocols: the SSL record protocol and the SSL handshake
protocol. The SSL record protocol defines the format used to transmit data. The SSL handshake
protocol involves using the SSL record protocol to exchange a series of messages between an
SSL-enabled server and an SSL-enabled client when they first establish an SSL connection. This
exchange of messages is designed to facilitate the following actions:
• Authenticate the server to the client.
• Allow the client and server to select the cryptographic algorithms, or ciphers, that they both
support.
• Optionally authenticate the client to the server.
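The three handshake actions above, as an added example in Go that is not part of this guide or the MNS-BB firmware: each party holds a self-signed certificate constructed in-process, the client checks the server's certificate against its own trusted-CA list, the server optionally demands and checks a client certificate against its list, and the cipher suite both sides agreed on is returned. The host name switch.example, the party names and the flag names are assumptions of this example.

```go
package main
import (
	"crypto/ecdsa"; "crypto/elliptic"; "crypto/rand"; "crypto/tls"; "crypto/x509"
	"crypto/x509/pkix"; "math/big"; "net"; "time"
)
// selfSigned builds a throwaway self-signed certificate for one party (constructed for this example).
func selfSigned(name string) (tls.Certificate, *x509.Certificate) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name}, DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), BasicConstraintsValid: true, IsCA: true,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, leaf
}
// Handshake runs one TLS handshake over loopback TCP and returns the cipher suite both sides agreed on.
// clientTrusts: the server cert is on the client's trusted-CA list; serverRequires: the server demands a
// client cert (client authentication is optional in TLS); clientHasCert: the client holds one to present.
func Handshake(clientTrusts, serverRequires, clientHasCert bool) (string, error) {
	srvCert, srvLeaf := selfSigned("switch.example")
	cliCert, cliLeaf := selfSigned("admin-station")
	srvCAs, cliCAs := x509.NewCertPool(), x509.NewCertPool()
	srvCAs.AddCert(cliLeaf) // CAs the server trusts when checking client certificates
	if clientTrusts { cliCAs.AddCert(srvLeaf) } // CAs the client trusts when checking the server
	srvCfg := &tls.Config{Certificates: []tls.Certificate{srvCert}, ClientCAs: srvCAs, MinVersion: tls.VersionTLS12}
	if serverRequires { srvCfg.ClientAuth = tls.RequireAndVerifyClientCert }
	cliCfg := &tls.Config{RootCAs: cliCAs, ServerName: "switch.example", MinVersion: tls.VersionTLS12}
	if clientHasCert { cliCfg.Certificates = []tls.Certificate{cliCert} }
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil { return "", err }
	defer ln.Close()
	srvErr := make(chan error, 1)
	go func() { // server side: accept the connection and run its half of the handshake
		c, err := ln.Accept()
		if err != nil { srvErr <- err; return }
		defer c.Close()
		srvErr <- tls.Server(c, srvCfg).Handshake()
	}()
	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil { return "", err }
	cli := tls.Client(raw, cliCfg)
	err = cli.Handshake() // fails here if the server cannot be authenticated against cliCAs
	cli.Close()
	if sErr := <-srvErr; err == nil && sErr != nil {
		err = sErr // the client was satisfied but the server was not (e.g. no client cert offered)
	}
	if err != nil { return "", err }
	return tls.CipherSuiteName(cli.ConnectionState().CipherSuite), nil
}
```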