Zilog EZ80F91AZA User Manual
UM020107-1211
SSL Configuration
ZTP Network Security SSL Plug-In User Manual
and MacSize fields. Lastly, the IsValid flag is set to TRUE so that this cipher suite can be used for establishing a session.
Cipher Suite Tables
The first step in establishing an SSL session is for the client and server to determine a common cipher suite. Both the client and server must be capable of supporting the exact same cipher suite, or else the session will not be established. If the client supports only TLS_RSA_WITH_RC4_128_MD5 and the server supports only TLS_RSA_WITH_RC4_128_SHA, the client and server cannot establish an SSL session.
To facilitate the establishment of a session, it is advantageous if both parties are capable of supporting multiple cipher suites. This type of support increases the chance that at least one match will be found. With the ZTP Network Security SSL Plug-In, this task is accomplished by creating tables of SSL_CS_INFO structures that define a set of cipher suites supported by the SSL handshake protocols. Each implemented SSL handshake protocol has a global variable, defined in ssl_conf.c, that references its table of cipher suites. These variables are named:
• pSSL2_CipherSuites
• pSSL3_CipherSuites
• pTLS1_CipherSuites
A second set of global variables specifies how many entries are present in each of the cipher suite tables. These variables are named:
• NumSSL2_CipherSuites
• NumSSL3_CipherSuites
• NumTLS1_CipherSuites
The following code fragment shows a sample cipher suite table for the TLSv1 handshake protocol. For clarity, only the mnemonic of the SSL_CS_INFO structure is shown, followed by an ellipsis.
SSL_CS_INFO TLS1_CipherSuites[] =
{
    { TLS_NULL_WITH_NULL_NULL, ... },
    { TLS_RSA_WITH_RC4_128_MD5, ... },
    { TLS_RSA_WITH_DES_CBC_SHA, ... }
};
SSL_BYTE NumTLS1_CipherSuites = sizeof(TLS1_CipherSuites) / sizeof(SSL_CS_INFO);
SSL_CS_INFO *pTLS1_CipherSuites = TLS1_CipherSuites;
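The matching rule and the sample TLSv1 table described above, modelled as an added example (not code from the manual or the plug-in). cs_entry is a hypothetical stand-in for SSL_CS_INFO, the code points are those of RFC 2246, the is_valid values and client offers are constructed, and honoring the client's preference order is an assumption. Because the sample table lists TLS_NULL_WITH_NULL_NULL, the example also counts enabled entries that provide no encryption, a check worth running on any table before deployment.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical stand-in for SSL_CS_INFO: only a suite ID and the IsValid
 * flag are modelled; the plug-in's real structure has more fields. */
typedef struct {
    uint16_t id;       /* cipher suite code point (RFC 2246) */
    int      is_valid; /* plays the role of the IsValid flag */
} cs_entry;

#define CS_NULL_WITH_NULL_NULL  0x0000
#define CS_RSA_WITH_RC4_128_MD5 0x0004
#define CS_RSA_WITH_RC4_128_SHA 0x0005
#define CS_RSA_WITH_DES_CBC_SHA 0x0009
#define NO_COMMON_SUITE         (-1)

/* Constructed server table mirroring the TLSv1 sample on this page. */
static const cs_entry sample_table[] = {
    { CS_NULL_WITH_NULL_NULL,  1 },
    { CS_RSA_WITH_RC4_128_MD5, 1 },
    { CS_RSA_WITH_DES_CBC_SHA, 1 },
};
static const size_t sample_count = sizeof(sample_table) / sizeof(sample_table[0]);
/* Constructed client offers, in client preference order. */
static const uint16_t offer_sha_only[] = { CS_RSA_WITH_RC4_128_SHA };
static const uint16_t offer_des_md5[]  = { CS_RSA_WITH_DES_CBC_SHA, CS_RSA_WITH_RC4_128_MD5 };

/* Return the first offered suite that is present and valid in the table,
 * or NO_COMMON_SUITE when the two sides share nothing. */
int select_suite(const uint16_t *offered, size_t n_offered,
                 const cs_entry *table, size_t n_table)
{
    for (size_t i = 0; i < n_offered; i++)
        for (size_t j = 0; j < n_table; j++)
            if (table[j].is_valid && table[j].id == offered[i])
                return (int)offered[i];
    return NO_COMMON_SUITE;
}

/* Count enabled entries that negotiate no encryption at all. */
size_t count_unencrypted(const cs_entry *table, size_t n_table)
{
    size_t n = 0;
    for (size_t j = 0; j < n_table; j++)
        if (table[j].is_valid && table[j].id == CS_NULL_WITH_NULL_NULL) n++;
    return n;
}

int main(void) { return count_unencrypted(sample_table, sample_count) ? 1 : 0; }
```

The program exits non-zero for the sample table because an enabled NULL suite is present; a client offering only TLS_RSA_WITH_RC4_128_SHA gets NO_COMMON_SUITE, matching the mismatch case in the text.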