Client mode or server mode support, Digest algorithm selection – Zilog EZ80F91AZA User Manual
UM020107-1211
SSL Configuration
ZTP Network Security SSL Plug-In
User Manual
Client Mode or Server Mode Support
When each of the SSL handshake protocols is initialized (see the
section on page 22), the first parameter on the initialization call specifies
whether the protocol supports the client and/or server mode of operation.
1. SSL sessions are always initialized by clients. Servers will only wait passively for
connection attempts from remote clients.
2. The SSL handshake protocols implemented in the ZTP Network Security SSL Plug-In
are capable of operating simultaneously. For example, it is possible that an SSLv3 client
session is being established at the same time as a TLSv1 server session and a
TLSv1 client session. However, when multiple sessions are established at the same
time, it takes longer for all sessions to be established than if they had been established
serially.
Digest Algorithm Selection
The SSL handshake protocols use digest algorithms for many purposes, including generating
and verifying message authentication codes, generating session keys, and verifying
digital signatures. The ZTP Network Security SSL Plug-In recognizes the following four
digest (or hash) algorithms:
• MD5
• SHA1
• HMAC_MD5
• HMAC_SHA1
Depending on the SSL handshake protocols used and the configuration of cipher suites,
some of these digest algorithms can be removed from the project to reduce code size. This
removal can be performed by modifying the HashGen array in the hash_conf.c file.
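Which digests can be removed depends on what each handshake protocol calls when it generates session keys. The following is an added example, not code from this manual or from the ZTP plug-in: it follows the key-block derivations in the SSLv3 and TLS 1.0 specifications (RFC 6101, RFC 2246) and records which of the four digests each one invokes. All function names and sample inputs are constructed for illustration.

```python
import hashlib
import hmac

used = set()  # names of the four digests touched by the last derivation

def md5(data):
    used.add("MD5")
    return hashlib.md5(data).digest()

def sha1(data):
    used.add("SHA1")
    return hashlib.sha1(data).digest()

def hmac_md5(key, data):
    used.add("HMAC_MD5")
    return hmac.new(key, data, hashlib.md5).digest()

def hmac_sha1(key, data):
    used.add("HMAC_SHA1")
    return hmac.new(key, data, hashlib.sha1).digest()

def p_hash(mac, secret, seed, n):
    """RFC 2246 P_hash: A(i) = MAC(secret, A(i-1)); out += MAC(secret, A(i) + seed)."""
    out, a = b"", seed
    while len(out) < n:
        a = mac(secret, a)
        out += mac(secret, a + seed)
    return out[:n]

def tls1_prf(secret, label, seed, n):
    """TLS 1.0 PRF: P_MD5 keyed with the first half of the secret XOR P_SHA1 with the second."""
    half = (len(secret) + 1) // 2          # halves share one byte if the length is odd
    s1, s2 = secret[:half], secret[len(secret) - half:]
    a = p_hash(hmac_md5, s1, label + seed, n)
    b = p_hash(hmac_sha1, s2, label + seed, n)
    return bytes(x ^ y for x, y in zip(a, b))

def ssl3_expand(secret, rand, n):
    """SSLv3 key block: MD5(secret + SHA1('A' + secret + rand)) + MD5(secret + SHA1('BB' + ...)) ..."""
    out, i = b"", 0
    while len(out) < n:
        i += 1
        salt = bytes([ord("A") + i - 1]) * i   # 'A', 'BB', 'CCC', ...
        out += md5(secret + sha1(salt + secret + rand))
    return out[:n]

def digests_used(fn, *args):
    """Run one derivation and return the set of digest names it called."""
    used.clear()
    fn(*args)
    return set(used)

SECRET = bytes(range(48))   # constructed 48-byte master secret
RANDOMS = bytes(64)         # constructed server_random + client_random
```

Key derivation is only one consumer of these digests; message authentication codes and signature verification also use them, so every use has to be checked before an entry is taken out of HashGen.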
The default setting of the HashGen array is shown in the following code fragment.
HASH_NEW HashGen[ SSL_MAX_HASH ] =
{
    NullHash_New,
    MD5_New,
    HMAC_MD5_New,
    SHA1_New,
    HMAC_SHA1_New
};
Notes: