HP VPN Firewall Appliances Network Management Configuration Guide

Configuring SSL
SSL can be configured only at the CLI.
Overview
Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security for
TCP-based application layer protocols such as HTTP. SSL has been widely used in applications such as
e-business and online banking to provide secure data transmission over the Internet.
SSL security mechanism
SSL provides the following security services:
Privacy—SSL uses a symmetric encryption algorithm to encrypt data and uses an asymmetric key
algorithm such as RSA to encrypt the key used by the symmetric encryption algorithm. For more
information about RSA, see "Managing public keys."
Authentication—SSL uses certificate-based digital signatures to authenticate the SSL server and
client. The SSL server and client obtain digital certificates through PKI.
Integrity—SSL uses the message authentication code (MAC) to verify message integrity. It uses a
MAC algorithm and a key to transform a message of any length to a fixed-length message. Any
change to the original message will result in a change to the calculated fixed-length message. As
shown in Figure 416, the message integrity verification process is as follows:
a. The sender uses a MAC algorithm and a key to calculate a MAC value for a message,
appends the MAC value to the message, and sends the message to the receiver.
b. The receiver uses the same key and MAC algorithm to calculate a MAC value for the received
message, and compares it with the MAC value appended to the message.
c. If the two MAC values are identical, the receiver considers the message intact. Otherwise, the
receiver considers the message tampered with and discards the message.
Figure 416 Message integrity verification by a MAC algorithm
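The three steps above, worked through in code as an added example (not from the HP guide, which names no specific MAC algorithm): HMAC-SHA256 from the Python standard library is assumed as the MAC algorithm, the shared key and the message are constructed sample values, and the receiver uses a constant-time comparison when checking the appended MAC.

```python
import hmac
import hashlib

# Constructed sample key shared by sender and receiver (not from the manual).
KEY = b"example-shared-secret"
TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for HMAC-SHA256


def sender_protect(message: bytes, key: bytes = KEY) -> bytes:
    """Step a: calculate a MAC over the message with the key and append it."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def receiver_verify(packet: bytes, key: bytes = KEY):
    """Steps b and c: recompute the MAC over the message part with the same
    key and algorithm, compare it with the appended MAC, and return the
    message only if the two match; otherwise return None (discard)."""
    if len(packet) < TAG_LEN:
        return None  # too short to even carry a MAC: treat as tampered
    message, received_tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
    expected_tag = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest runs in constant time, so a wrong tag cannot be
    # distinguished byte by byte through timing differences
    if not hmac.compare_digest(expected_tag, received_tag):
        return None
    return message


def demo():
    """Send an intact packet, then the same packet with one bit flipped in
    the message body (constructed tampering); returns both receiver results."""
    packet = sender_protect(b"transfer 100 to account 42")
    intact = receiver_verify(packet)
    tampered = bytes([packet[0] ^ 0x01]) + packet[1:]
    return intact, receiver_verify(tampered)


if __name__ == "__main__":
    ok, bad = demo()
    print("intact packet accepted:", ok)
    print("tampered packet discarded:", bad is None)
```

A packet protected with a different key is rejected the same way, since the receiver's recomputed MAC will not match the appended one.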
For more information about symmetric key algorithms, asymmetric key algorithm RSA and digital
signature, see VPN Configuration Guide.
For more information about PKI, certificate, and CA, see VPN Configuration Guide.