Using Certificates in HTTPS Clusters
Choosing the Cipher Suite for an HTTPS Cluster Connection
The cipher suite parameter for an HTTPS cluster lists all of the ciphers that can be negotiated
between Equalizer and an incoming client attempting to connect to an HTTPS cluster. Similarly,
the client application will have its own list of ciphers that it supports. The client and Equalizer need
to go through a process of negotiating the cipher that will be used for the client connection -- if
they cannot find a match, the connection will fail. The process of negotiating a cipher for a client
connection is as follows:
1. During the SSL handshake phase of the connection, the client sends Equalizer a list of the
ciphers it supports.
2. Equalizer examines the client cipher list in the order it is specified, chooses the first cipher
that matches a cipher specified in the cluster’s
Cipher Suite
parameter, and responds to the
client. If none of the ciphers offered by the client are in the
Cipher Suite
list for the cluster,
the SSL handshake fails.
It is therefore vital that you ensure that there is at least one match between the list of ciphers
supported by clients connecting to an HTTPS cluster and the
Cipher Suite
list for the cluster.
816
Copyright © 2014 Coyote Point Systems, A Subsidiary of Fortinet, Inc.
Содержание Equalizer GX Series
Страница 18: ......
Страница 32: ...Overview 32 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Страница 42: ......
Страница 52: ......
Страница 64: ......
Страница 72: ......
Страница 76: ......
Страница 123: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 123 Equalizer Administration Guide ...
Страница 228: ......
Страница 238: ......
Страница 411: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 411 Equalizer Administration Guide ...
Страница 459: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 459 Equalizer Administration Guide ...
Страница 476: ......
Страница 492: ......
Страница 530: ......
Страница 614: ......
Страница 626: ......
Страница 638: ......
Страница 678: ......
Страница 732: ...Using SNMP Traps 732 Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc ...
Страница 754: ......
Страница 790: ......
Страница 804: ......
Страница 842: ......
Страница 847: ...Copyright 2014 Coyote Point Systems A Subsidiary of Fortinet Inc All Rights Reserved 847 Equalizer Administration Guide ...
Страница 866: ......