User verification – Allied Telesis AT-S63 User Manual
Page 787

AT-S63 Management Software Menus Interface User’s Guide
Section VIII: Management Security
787
SSL uses asymmetrical (Public Key) encryption to establish a connection 
between client and server, and symmetrical (Secret Key) encryption for 
the data transfer phase.
User Verification
An SSL connection has two phases: handshake and data transfer. The 
handshake initiates the SSL session, during which data is securely 
transmitted between a client and server. During the handshake, the 
following occurs:
The client and server establish the SSL version they are to use.
The client and server negotiate the cipher suite for the session, which 
includes encryption, authentication, and key exchange algorithms.
The symmetrical key is exchanged.
The client authenticates the server (optionally, the server authenticates 
the client).
SSL messages are encapsulated by the Record Layer before being 
passed to TCP for transmission. Four types of SSL messages exist, they 
are:
Handshake
Change Cipher Spec
Alert
Application data (HTTP, FTP or NNTP)
As discussed previously, the Handshake message initiates the SSL 
session.
The Change Cipher Spec message informs the receiving party that all 
subsequent messages are encrypted using previously negotiated security 
options. The parties use the strongest cryptographic systems that they 
both support.
The Alert message is used if the client or server detects an error. Alert 
messages also inform the other end that the session is about to close. In 
addition, the Alert message contains a severity rating and a description of 
the alert. For example, an alert message is sent if either party receives an 
invalid certificate or an unexpected message.
The Application data message encapsulates the encrypted application 
data.
