SSL protocol stack, SSL configuration task list, Configuring an SSL server policy – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
SSL protocol stack
As shown in Figure 138, the SSL protocol consists of two layers of protocols: the SSL record protocol at
the lower layer and the SSL handshake protocol, change cipher spec protocol, and alert protocol at the
upper layer.
Figure 138 SSL protocol stack
• SSL record protocol—Fragments data to be transmitted, computes and adds MAC to the data, and
  encrypts the data before transmitting it to the peer end.
• SSL handshake protocol—Negotiates the cipher suite to be used for secure communication
  (including the symmetric encryption algorithm, key exchange algorithm, and MAC algorithm),
  securely exchanges the key between the server and client, and implements identity authentication
  of the server and client. Through the SSL handshake protocol, a session is established between a
  client and the server. A session consists of a set of parameters, including the session ID, peer
  certificate, cipher suite, and master secret.
• SSL change cipher spec protocol—Used for notification between the client and the server that the
  subsequent packets are to be protected and transmitted based on the newly negotiated cipher suite
  and key.
• SSL alert protocol—Enables the SSL client and server to send alert messages to each other. An alert
  message contains the alert severity level and a description.
SSL configuration task list
Task                                Remarks
Configuring an SSL server policy    Required
Configuring an SSL client policy    Optional
Configuring an SSL server policy
An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server policy
takes effect only after it is associated with an application layer protocol such as HTTP.
SSL versions include SSL 2.0, SSL 3.0, and TLS 1.0. When the device acts as the SSL server, it can
communicate with clients running SSL 3.0 or TLS 1.0, and can identify the SSL 2.0 Client Hello message
from a client supporting both SSL 2.0 and SSL 3.0/TLS 1.0, and notify the client to use SSL 3.0 or TLS 1.0
for communication.
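The layering and version handling described above, as an added example that is not taken from the H3C manual or the device software: a minimal Python parser that shows how the record protocol carries the handshake, change cipher spec and alert protocols, how an alert's severity level and description are encoded, and how an SSL 2.0-format Client Hello from a client that also supports SSL 3.0/TLS 1.0 is recognized. The function name, dictionary keys and sample bytes are constructed for illustration; the content-type and version numbers are those of the SSL 3.0/TLS 1.0 wire format.

```python
import struct

# One record-layer content type per upper-layer SSL protocol.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(0, 2): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure"}


def parse_records(data):
    """Describe each SSL record (or SSL 2.0-format Client Hello) in data."""
    out, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 5:
            raise ValueError("truncated header")
        # SSL 2.0 format: 2-byte header with the high bit set, then
        # msg type 1 and the highest version the client supports.
        if data[pos] & 0x80 and data[pos + 2] == 1:
            length = struct.unpack("!H", data[pos:pos + 2])[0] & 0x7FFF
            ver = (data[pos + 3], data[pos + 4])
            out.append({"protocol": "ssl2_client_hello",
                        "offers": VERSIONS.get(ver, "unknown"),
                        "can_use_ssl3_or_tls1": ver >= (3, 0)})
            pos += 2 + length
            continue
        ctype, major, minor, length = struct.unpack("!BBBH", data[pos:pos + 5])
        body = data[pos + 5:pos + 5 + length]
        if ctype not in CONTENT_TYPES or len(body) != length:
            raise ValueError("malformed record at offset %d" % pos)
        rec = {"protocol": CONTENT_TYPES[ctype], "length": length,
               "version": VERSIONS.get((major, minor), "unknown")}
        if ctype == 21 and length == 2:  # plaintext alert: level, description
            rec["level"] = ALERT_LEVELS.get(body[0], "unknown")
            rec["description"] = ALERT_DESCRIPTIONS.get(body[1], str(body[1]))
        out.append(rec)
        pos += 5 + length
    return out


# Constructed sample bytes, not captured from a real device.
SSL2_HELLO = bytes.fromhex("801c" "0103010003" "00000010" "00000a") + bytes(16)
SAMPLE = (bytes.fromhex("16030100040e000000")   # handshake record, TLS 1.0
          + bytes.fromhex("140301000101")         # change cipher spec record
          + bytes.fromhex("15030100020228"))      # alert: fatal handshake_failure
if __name__ == "__main__":
    for record in parse_records(SSL2_HELLO + SAMPLE):
        print(record)
```

The version field of each parsed record shows whether a peer is speaking SSL 3.0 or TLS 1.0; both are formally deprecated (RFC 7568, RFC 8996), so the output is useful for inventorying endpoints that still depend on them.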
[Figure 138 labels, top to bottom: Application layer protocol (e.g. HTTP); SSL handshake protocol, SSL change cipher spec protocol, SSL alert protocol; SSL record protocol; TCP; IP]