
Creating SSL Applications, SSL Applications in ZTP-Based Systems – Zilog EZ80F91AZA User Manual


UM020107-1211


ZTP Network Security SSL Plug-In

User Manual


Creating SSL Applications

This chapter explains how to migrate a TCP-based client or server application to use SSL.

UDP-based applications cannot use SSL.

Automatic Protocol Negotiation

When a remote SSL client attempts to establish an SSL session with a local server, the
remote client is free to use any version of the SSL handshake protocol it requires (i.e.,
SSLv2, SSLv3 or TLSv1). If the corresponding SSL handshake protocol layer in the ZTP
Network Security SSL Plug-In is also initialized and a compatible cipher suite is negotiated,
then the session is established.

When a local ZTP SSL client attempts to establish a connection with a remote SSL server,
the ZTP Network Security SSL Plug-In, on its initial attempt, will use the highest version
of the SSL handshake protocol initialized in client mode. For example, if TLSv1, SSLv3
and SSLv2 have all been initialized in client mode (see the Client Mode or Server Mode
Support section on page 24), then the TLSv1 handshake protocol will be used first to
attempt to establish the session. If this attempt fails, the ZTP SSL layer will automatically
reattempt the connection using the next-highest version of the SSL handshake protocol
layer initialized in client mode (SSLv3 in this example). This process continues until
either the session is established or all client-enabled handshake protocols have failed to
establish the session.
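
The client-mode retry behaviour described above, modelled as an added example (not code from the Zilog manual or the ZTP API; the flag names and the `negotiate` function are hypothetical). It shows that any failure of the TLSv1 handshake moves the session to SSLv3 or SSLv2, so the set of versions initialized in client mode is the only floor on what gets negotiated.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical bit flags for this model; these are not ZTP identifiers. */
enum { V_SSL2 = 1, V_SSL3 = 2, V_TLS1 = 4 };

/* Highest-first order the manual describes for client-mode attempts. */
static const int ORDER[] = { V_TLS1, V_SSL3, V_SSL2 };

/*
 * Model of the client retry loop.
 *   client_init : versions initialized in client mode
 *   server_ok   : versions the remote server will accept
 *   fails       : versions whose handshake fails for any other reason
 *                 (packet loss, a middlebox, disruption on the network path)
 * Returns the version that establishes the session, or 0 if none does.
 * *attempts receives the number of handshakes tried.
 */
int negotiate(int client_init, int server_ok, int fails, int *attempts)
{
    *attempts = 0;
    for (size_t i = 0; i < sizeof ORDER / sizeof ORDER[0]; i++) {
        int v = ORDER[i];
        if (!(client_init & v))
            continue;               /* not initialized: never offered */
        (*attempts)++;
        if ((server_ok & v) && !(fails & v))
            return v;               /* session established */
    }
    return 0;                       /* every enabled version failed */
}

static const char *name(int v)
{
    return v == V_TLS1 ? "TLSv1" : v == V_SSL3 ? "SSLv3" :
           v == V_SSL2 ? "SSLv2" : "none";
}

int main(void)
{
    int n, all = V_TLS1 | V_SSL3 | V_SSL2;
    /* Constructed scenarios: the server supports every version throughout. */
    printf("all enabled, clean path : %s\n", name(negotiate(all, all, 0, &n)));
    printf("all enabled, TLSv1 fails: %s\n", name(negotiate(all, all, V_TLS1, &n)));
    printf("TLSv1 only, TLSv1 fails : %s\n", name(negotiate(V_TLS1, all, V_TLS1, &n)));
    return 0;
}
```

In the third scenario the connection fails closed instead of dropping to an older protocol, which is the outcome to aim for when the remote servers are known to support TLSv1.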

SSL Applications in ZTP-Based Systems

Transferring encrypted data using any of the ZTP SSL handshake protocols follows the
same semantics as transferring data using the ZTP TCP layer. However, the syntax is
slightly different.

Server Applications

This section provides a procedure that a ZTP TCP server process uses to create a TCP
connection, and shows the modification required to use the SSL layer. For more information
about the TCP socket APIs, refer to the API Definitions section of the ZTP Network
Security SSL Plug-In Reference Manual (RM0047). Observe the following procedure to
establish a TCP-SSL connection in server mode:

1. To open a TCP-SSL server socket, a TCP server application in ZTP must first create a
TCP server socket that listens for connections. The following code fragment offers an
example.
