QTECH QSW-2800 Configuration Guide (User Manual): Chapter 44 SSL Configuration, 44.1 Introduction to SSL, page 321


+7(495) 797-3311 www.qtech.ru
Moscow, Novozavodskaya St., 18, bldg. 1


Chapter 44 SSL Configuration

44.1 Introduction to SSL

As computer networking technology spreads, network security has an ever greater impact on the availability and usability of networked applications, and has become one of the greatest barriers to modern networking applications.

To protect sensitive data transferred over the Web, Netscape introduced the Secure Socket Layer (SSL) protocol for its Web browser. To date, SSL 2.0 and 3.0 have been released. SSL 2.0 is obsolete because of security problems and is not supported on the switches. The SSL protocol uses public-key encryption and has become the industry standard for secure Web communication on the Internet. The Web browser integrates HTTP with SSL to provide secure communication.

SSL is a security protocol that protects private data in transit on the Internet. SSL is designed for secure transmission between a client and a server, with authentication of the server always and of the client optionally. SSL must run on a reliable transport layer (such as TCP) and is independent of the application layer, so protocols such as HTTP, FTP and TELNET can run on top of SSL transparently. Before any data is transmitted, SSL negotiates the encryption algorithm and the encryption key and authenticates the server; once the negotiation is complete, all transferred data is encrypted.

From the above, the secure channel provided by SSL has the following three characteristics:

Privacy. The cipher suite is first agreed through negotiation; thereafter all messages are encrypted.

Authentication. Client authentication within a session is optional, but the server is always authenticated.

Reliability. A message integrity check (a MAC) is included with each message sent.
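The requirements stated above (negotiated cipher suite, mandatory server authentication, rejection of obsolete SSL 2.0) can be expressed as a client-side TLS configuration and checked before any connection is attempted. The following is an added example using Python's standard ssl module; it is not code from the QTECH manual or switch firmware, and the function names and the choice of TLS 1.2 as the minimum version are this example's own assumptions.

```python
import socket
import ssl


def make_client_context(cafile=None):
    """Client context enforcing the three properties the chapter describes.

    PROTOCOL_TLS_CLIENT already sets verify_mode=CERT_REQUIRED and
    check_hostname=True, i.e. the server is always authenticated.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Obsolete SSL 2.0/3.0 (and TLS 1.0/1.1) are excluded by the floor below
    # (assumption of this example: TLS 1.2 as the minimum acceptable version).
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        ctx.load_verify_locations(cafile)   # trust anchor for server authentication
    else:
        ctx.load_default_certs()
    return ctx


def weak_client_context():
    """Constructed counter-example: server authentication disabled and no version floor."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False              # must be cleared before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    ctx.minimum_version = ssl.TLSVersion.MINIMUM_SUPPORTED
    return ctx


def audit_context(ctx):
    """Return a list of deviations from the properties the chapter requires."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("server authentication not required (verify_mode)")
    if not ctx.check_hostname:
        findings.append("server name not checked against its certificate")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("obsolete protocol versions allowed (min %s)" % ctx.minimum_version.name)
    return findings


def negotiated_parameters(ctx, host, port=443):
    """Perform the handshake over TCP and report what was negotiated
    (protocol version and cipher suite); needs network access to host."""
    with socket.create_connection((host, port)) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]
```

Running `negotiated_parameters(make_client_context(), "<switch-hostname>")` against a reachable HTTPS endpoint shows the version and cipher suite the negotiation described above settled on.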

44.1.1 Basic Element of SSL

The basic strategy of SSL is to provide a secure channel for forwarding arbitrary application data between two communicating programs. Conceptually, an SSL connection is similar to an encrypted TCP connection. SSL sits below the application layer and above TCP. If the lower-layer data-forwarding mechanism is reliable, data written to the network arrives at the other program in order, with no packet loss and no retransmission needed at the SSL layer. Many transport protocols could provide this kind of service in theory, but in practice SSL almost always runs on TCP and does not run directly on UDP or IP.