Zilog EZ80F91AZA User Manual

UM020107-1211

SSL Configuration

ZTP Network Security SSL Plug-In

User Manual

For export cipher suites using a 40-bit effective symmetric key, the cipher algorithm still uses the full key length. The distinction is that only 40 bits of the symmetric key are protected during the key exchange algorithm for export ciphers.

IVSize denotes the length, in bytes, of the initialization vector used by the cipher algorithm. Block ciphers operating in cipher-block chaining mode (CBC) require an initialization vector.

The MacSize denotes the length, in bytes, of the message authentication code that the SSL record layer generates on each outbound record and verifies on each inbound record. The MAC is constructed using the digest algorithm specified by the HashAlg identifier.

The IsValid flag determines whether or not the cipher suite definition is used while determining a compatible set of cipher suites between the SSL client and server. If the IsValid flag is set to FALSE, then the cipher suite is not used during negotiations. This setting allows applications to dynamically enable or disable cipher suites, as required.
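The IsValid mechanism described above can be used to switch off export, RC4 and MD5 suites before any handshake takes place. The following is an added example, not code from the manual or from the ZTP library: the type name CS_INFO, the field names Id, PkiAlg and CipherAlg, the enum values, the function names and the sample table are assumptions made for illustration; only IsExport, KeySize, IVSize, MacSize, HashAlg and IsValid are names taken from this page.

```c
#include <stdint.h>
#include <stdio.h>

/* Assumed layout. Id, PkiAlg, CipherAlg and the enum values are hypothetical;
   the remaining field names are the ones this page describes. */
enum { PKI_RSA = 1, CIPHER_RC4 = 1, CIPHER_AES = 2, HASH_MD5 = 1, HASH_SHA1 = 2 };
typedef struct {
    uint16_t Id;                                  /* IANA cipher suite number */
    uint8_t  PkiAlg, CipherAlg, HashAlg, IsExport;
    uint8_t  KeySize, IVSize, MacSize, IsValid;   /* sizes are in bytes */
} CS_INFO;

/* Constructed sample table, listed in server preference order. */
static CS_INFO SuiteTable[] = {
    { 0x0003, PKI_RSA, CIPHER_RC4, HASH_MD5,  1, 16,  0, 16, 1 }, /* TLS_RSA_EXPORT_WITH_RC4_40_MD5 */
    { 0x0004, PKI_RSA, CIPHER_RC4, HASH_MD5,  0, 16,  0, 16, 1 }, /* TLS_RSA_WITH_RC4_128_MD5 */
    { 0x002F, PKI_RSA, CIPHER_AES, HASH_SHA1, 0, 16, 16, 20, 1 }, /* TLS_RSA_WITH_AES_128_CBC_SHA */
};
#define NUM_SUITES (sizeof SuiteTable / sizeof SuiteTable[0])

/* Clear IsValid on every export suite and on every suite that uses RC4 or
   MD5. Returns the number of suites that remain enabled. */
size_t HardenSuites(CS_INFO *t, size_t n) {
    size_t enabled = 0;
    for (size_t i = 0; i < n; i++) {
        if (t[i].IsExport || t[i].CipherAlg == CIPHER_RC4 || t[i].HashAlg == HASH_MD5)
            t[i].IsValid = 0;
        enabled += t[i].IsValid;
    }
    return enabled;
}

/* Negotiation: the first table entry that is valid and also offered by the
   client. Returns -1 when no compatible suite exists (handshake must fail). */
int SelectSuite(const CS_INFO *t, size_t n, const uint16_t *offer, size_t m) {
    for (size_t i = 0; i < n; i++) {
        if (!t[i].IsValid) continue;              /* disabled suites never match */
        for (size_t j = 0; j < m; j++)
            if (offer[j] == t[i].Id) return t[i].Id;
    }
    return -1;
}

int main(void) {
    const uint16_t offer[] = { 0x0003, 0x0004, 0x002F };  /* constructed client offer */
    printf("before: 0x%04X\n", (unsigned)SelectSuite(SuiteTable, NUM_SUITES, offer, 3));
    HardenSuites(SuiteTable, NUM_SUITES);
    printf("after:  0x%04X\n", (unsigned)SelectSuite(SuiteTable, NUM_SUITES, offer, 3));
    return 0;
}
```

A client that offers only disabled suites gets no match after hardening, so the handshake fails instead of falling back to a weak suite.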

Given a cipher suite mnemonic, it is simple to translate it into binary information which can be used by the SSL handshake protocols. For example, the TLS_RSA_WITH_RC4_128_MD5 mnemonic can be characterized as:

The cipher suite is designed for use with the TLS handshake protocol.

The RSA algorithm is used to exchange a secret key.

RC4 is used to encrypt/decrypt all communications once the session is established.
The RC4 algorithm implemented in SSL uses a 128-bit symmetric key.

MD5 is used as the message digest algorithm to generate MAC codes.

The corresponding SSL_CS_INFO structure that contains the same information is shown in the following code fragment:

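{
    TLS_RSA_WITH_RC4_128_MD5,   /* cipher suite mnemonic */
    SSL_PKI_RSA,                /* key exchange algorithm */
    SSL_CIPHER_RC4,             /* cipher algorithm */
    SSL_HASH_MD5,               /* HashAlg: digest used for the MAC */
    FALSE,                      /* IsExport */
    RC4_128_KEY_SIZE_BYTES,     /* KeySize */
    RC4_IV_SIZE_BYTES,          /* IVSize */
    MD5_HASH_SIZE_BYTES,        /* MacSize */
    TRUE                        /* IsValid */
};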

Because the mnemonic does not contain the word EXPORT, the IsExport flag is set to FALSE. Additionally, manifest constants are used for the sizes of the KeySize, IVSize,

Note: