Ssl protocol stack, Ssl configuration task list, Configuring an ssl server policy – H3C Technologies H3C S3600 Series Switches User Manual
Page 1189
1-2
SSL Protocol Stack
As shown in
, the SSL protocol consists of two layers of protocols: the SSL record protocol at
the lower layer and the SSL handshake protocol, change cipher spec protocol, and alert protocol at the
upper layer.
Figure 1-2 SSL protocol stack
z
SSL handshake protocol: As a very important part of the SSL protocol stack, it is responsible for
negotiating the cipher suite to be used during communication (including the symmetric encryption
algorithm, key exchange algorithm, and MAC algorithm), exchanging the key between the server
and client, and implementing identity authentication of the server and client. Through the SSL
handshake protocol, a session is established between a client and the server. A session consists of
a set of parameters, including the session ID, peer certificate, cipher suite, and master secret.
z
SSL change cipher spec protocol: Used for notification between a client and the server that the
subsequent packets are to be protected and transmitted based on the newly negotiated cipher
suite and key.
z
SSL alert protocol: Allowing a client and the server to send alert messages to each other. An alert
message contains the alert severity level and a description.
z
SSL record protocol: Fragmenting data to be transmitted, computing and adding MAC to the data,
and encrypting the data before transmitting it to the peer end.
SSL Configuration Task List
Different parameters are required on the SSL server and the SSL client.
Complete the following tasks to configure SSL:
Task
Remarks
Configuring an SSL Server Policy
Required
Configuring an SSL Client Policy
Optional
Configuring an SSL Server Policy
An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server
policy takes effect only after it is associated with an application layer protocol, HTTP protocol, for
example.