Ssl protocol stack – H3C Technologies H3C SecPath F1000-E User Manual

932

Figure 407 Message integrity verification by a MAC algorithm

NOTE:

For more information about symmetric key algorithms, asymmetric key algorithm RSA, digital signature,
and PKI, see

VPN Configuration Guide.

SSL protocol stack

As shown in

Figure 408

, the SSL protocol consists of two layers of protocols: the SSL record protocol at

the lower layer and the SSL handshake protocol, change cipher spec protocol, and alert protocol at the

upper layer.

Figure 408 SSL protocol stack

•

SSL record protocol—Fragments data to be transmitted, computes and adds MAC to the data, and
encrypts the data before transmitting it to the peer end.

•

SSL handshake protocol—Negotiates the cipher suite to be used for secure communication
(including the symmetric encryption algorithm, key exchange algorithm, and MAC algorithm),
securely exchanges the key between the server and client, and implements identity authentication

of the server and client. Through the SSL handshake protocol, a session is established between a

client and the server. A session consists of a set of parameters, including the session ID, peer

certificate, cipher suite, and master secret.

•

SSL change cipher spec protocol—Used for notification between the client and the server that the

subsequent packets are to be protected and transmitted based on the newly negotiated cipher suite
and key.

•

SSL alert protocol—Enables the SSL client and server to send alert messages to each other. An alert
message contains the alert severity level and a description.