Configuring ssl, Overview, Ssl security mechanism – H3C Technologies H3C SecBlade LB Cards User Manual

Configuring SSL

Secure Sockets Layer (SSL) can be configured only at the CLI.

Overview

Secure Sockets Layer (SSL) is a security protocol that provides secure connection services for TCP-based application layer protocols such as HTTP. It is widely used in e-business and online banking to provide secure data transmission over the Internet.

SSL security mechanism

Secure connections provided by SSL have these features:

Confidentiality—SSL uses a symmetric encryption algorithm to encrypt data, and uses the RSA asymmetric key algorithm to encrypt the key used by the symmetric encryption algorithm.

Authentication—SSL supports certificate-based identity authentication of the server and client by using digital signatures. The SSL server and client obtain certificates from a CA through the PKI.

Reliability—SSL uses a key-based message authentication code (MAC) to verify message integrity. A MAC algorithm transforms a message of any length into a fixed-length value. With the key, the sender uses the MAC algorithm to compute the MAC value of a message. Then, the sender appends the MAC value to the message and sends the result to the receiver. The receiver uses the same key and MAC algorithm to compute the MAC value of the received message, and compares the locally computed MAC value with the one received. If the two values match, the receiver considers the message intact; otherwise, the receiver considers that the message has been tampered with in transit and discards the message.

Figure 70 Message integrity verification by a MAC algorithm
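
The sender and receiver steps described above, as an added Python example that is not part of the H3C manual or the device's implementation. HMAC-SHA256, the function names, the sample key and the sample message are assumptions of this example; it also goes one step beyond the text by feeding a record sequence number into the MAC, as SSL/TLS record MACs do, so that a replayed record is discarded too.

```python
import hashlib
import hmac
import struct

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes; HMAC-SHA256 is this example's choice


def protect(key: bytes, seq: int, message: bytes) -> bytes:
    """Sender side: compute the MAC with the shared key and append it to the message."""
    # The sequence number is covered by the MAC so that a replayed or reordered
    # record fails verification even when its bytes are unmodified.
    tag = hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, seq: int, record: bytes):
    """Receiver side: recompute the MAC and compare; return the message, or None to discard."""
    if len(record) < TAG_LEN:
        return None  # too short to carry a MAC at all
    message, received_tag = record[:-TAG_LEN], record[-TAG_LEN:]
    expected_tag = hmac.new(key, struct.pack(">Q", seq) + message, hashlib.sha256).digest()
    # compare_digest takes constant time, so the comparison does not reveal how
    # many leading bytes of a forged tag were correct.
    if not hmac.compare_digest(expected_tag, received_tag):
        return None
    return message


def demo():
    key = b"constructed-demo-key-not-for-use"  # constructed sample key
    record = protect(key, 0, b"GET /account HTTP/1.1")  # constructed sample message
    tampered = bytearray(record)
    tampered[5] ^= 0x01  # one bit of the message flipped in transit
    return {
        "intact": verify(key, 0, record),
        "tampered": verify(key, 0, bytes(tampered)),
        "replayed_as_seq_1": verify(key, 1, record),
        "wrong_key": verify(b"some-other-key", 0, record),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {'accepted' if result is not None else 'discarded'}")
```
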

For more information about symmetric key algorithms, the asymmetric key algorithm RSA, and digital signatures, see "Managing public keys."
For more information about PKI, certificates, and CAs, see "Configuring PKI."
