307
SSL protocol stack
The SSL protocol consists of two layers of protocols: the SSL record protocol at the lower layer and the SSL
handshake protocol, change cipher spec protocol, and alert protocol at the upper layer.
Figure 117 SSL protocol stack
• SSL record protocol—Fragments data to be transmitted, computes and adds MAC to the data, and
encrypts the data before transmitting it to the peer end.
• SSL handshake protocol—Negotiates the cipher suite to be used for secure communication
(including the symmetric encryption algorithm, key exchange algorithm, and MAC algorithm),
securely exchanges the key between the server and client, and implements identity authentication of
the server and client. Through the SSL handshake protocol, a session is established between a client
and the server. A session consists of a set of parameters, including the session ID, peer certificate,
cipher suite, and master secret.
• SSL change cipher spec protocol—Used for notification between the client and the server that the
subsequent packets are to be protected and transmitted based on the newly negotiated cipher suite
and key.
• SSL alert protocol—Enables the SSL client and server to send alert messages to each other. An alert
message contains the alert severity level and a description.
SSL configuration task list
Complete the following tasks to configure SSL:
Task Remarks
Configuring an SSL server policy Required
Configuring an SSL client policy Optional
Configuring an SSL server policy
An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server policy
takes effect only after it is associated with an application layer protocol such as HTTP.
Configuration prerequisites
Configure the PKI domain for the SSL server policy to use to obtain a certificate for the SSL server. For
more information about PKI domain configuration, see the chapter “PKI configuration.”
To Next Page
Loading...
Need help?
General