Authentication, Support for ssl, Authentication support for ssl – Allied Telesis AT-S60 User Manual

Page 526

Chapter 25: Secure Sockets Layer (SSL)

Section V: Security Features

The Change Cipher Spec message informs the receiving party that all
subsequent messages are encrypted using previously negotiated
security options. The parties use the strongest cryptographic systems
that they both support.

The Alert message is used if the client or server detects an error. Alert
messages also inform the other end that the session is about to close. In
addition, the Alert message contains a severity rating and a description
of the alert. For example, an alert message is sent if either party receives
an invalid certificate or an unexpected message.

The Application data message encapsulates the encrypted application
data.
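
The three message types described above can be told apart from the 5-byte record header that precedes each one. The following Python sketch is an added example, not code from the manual or from Allied Telesis: it walks one direction of a byte stream, names each record, and decodes the severity and description of an alert only while the alert is still in cleartext (before Change Cipher Spec). The numeric values come from RFC 2246; the function name parse_records and the sample bytes are constructed for illustration.

```python
import struct

# Values from RFC 2246 (TLSv1); SSLv3 uses the same record layout.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLSv1"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure",
                      42: "bad_certificate", 45: "certificate_expired",
                      48: "unknown_ca"}


def parse_records(stream: bytes):
    """Walk one direction of an SSL/TLS byte stream (hypothetical helper)."""
    records, offset, encrypted = [], 0, False
    while offset < len(stream):
        if len(stream) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        if len(body) != length:
            raise ValueError("truncated record body")
        rec = {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
               "version": VERSIONS.get((major, minor), f"{major}.{minor}"),
               "length": length, "encrypted": encrypted}
        if ctype == 21 and not encrypted:
            # A cleartext alert is exactly two bytes: level, then description.
            if length != 2:
                raise ValueError("malformed cleartext alert")
            rec["level"] = ALERT_LEVELS.get(body[0], f"unknown({body[0]})")
            rec["description"] = ALERT_DESCRIPTIONS.get(body[1], f"unknown({body[1]})")
        records.append(rec)
        if ctype == 20:
            # Everything this sender transmits after Change Cipher Spec is encrypted.
            encrypted = True
        offset += 5 + length
    return records


# Constructed sample input (not captured from a real device).
BAD_CERT = bytes.fromhex("15 03 01 00 02 02 2a")            # fatal bad_certificate
SESSION = (bytes.fromhex("14 03 01 00 01 01")               # change_cipher_spec
           + bytes.fromhex("17 03 01 00 04 de ad be ef")    # application data
           + bytes.fromhex("15 03 01 00 04 01 02 03 04"))   # alert, now encrypted

if __name__ == "__main__":
    for r in parse_records(BAD_CERT) + parse_records(SESSION):
        print(r)
```

An alert sent after Change Cipher Spec is reported with its type and length only, since its severity and description are no longer readable on the wire.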

Authentication

Authentication is the process of ensuring both the web site and the end
user are genuine. In other words, they are not imposters. Both the server
and individual users need to be authenticated. This is especially
important when transmitting secure data over the Internet.

To verify the authenticity of a server, the server has a public key and a
private key. The public key is given to the user.

SSL uses certificates for authentication. A certificate binds a public key to
a server name. A Certification Authority issues certificates after checking
that a public key belongs to its claimed owner. There are several
agencies that are trusted to issue certificates. Individual browsers have
approved Root CAs that are built into the browser.

Note

See Public Key Infrastructure Overview on page 502 for detailed
information about certificates.

Support for SSL

The AT-8400 switch implements the following versions of SSL:

❑ Mandatory parts of RFC 2246 (TLSv1), except for DSS encryption

❑ Mandatory parts of SSLv3

❑ SSLv2 client hello

❑ SHA1 for MAC