HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 227
Configuration task list, Configuring an SSL server policy
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 227 highlights
Figure 66 SSL protocol stack • SSL record protocol-Fragments data to be transmitted, computes and adds MAC to the data, and encrypts the data before transmitting it to the peer end. • SSL handshake protocol-Negotiates the cipher suite to be used for secure communication (including the symmetric encryption algorithm, key exchange algorithm, and MAC algorithm), securely exchanges the key between the server and client, and implements identity authentication of the server and client. Through the SSL handshake protocol, a session is established between a client and the server. A session consists of a set of parameters, including the session ID, peer certificate, cipher suite, and master secret. • SSL change cipher spec protocol-Used for notification between the client and the server that the subsequent packets are to be protected and transmitted based on the newly negotiated cipher suite and key. • SSL alert protocol-Enables the SSL client and server to send alert messages to each other. An alert message contains the alert severity level and a description. Configuration task list Task Configuring an SSL server policy Configuring an SSL client policy Remarks Required Optional Configuring an SSL server policy An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server policy takes effect only after it is associated with an application such as HTTPS. SSL mainly comes in these versions: SSL 2.0, SSL 3.0, and TLS 1.0, where TLS 1.0 corresponds to SSL 3.1. When the switch acts as an SSL server, it can communicate with clients running SSL 3.0 or TLS 1.0, and can identify the SSL 2.0 Client Hello message from a client supporting SSL 2.0 and SSL 3.0/TLS 1.0 and notify the client to use SSL 3.0 or TLS 1.0 to communicate with the server. To configure an SSL server policy: Step 1. Enter system view. 2. Create an SSL server policy and enter its view. Command system-view ssl server-policy policy-name Remarks N/A N/A 217