HP VPN Firewall Appliances Network Management Configuration Guide

SSL protocol stack
SSL includes an SSL record protocol at the lower layer, and an SSL handshake protocol, SSL change
cipher spec protocol, and SSL alert protocol at the upper layer.
Figure 417 SSL protocol stack
SSL record protocol—Fragments data received from the upper layer, computes and adds MAC to
the data, and encrypts the data.
SSL handshake protocol—Negotiates the cipher suite used for secure communication (including the
symmetric encryption algorithm, key exchange algorithm, and MAC algorithm), authenticates the
server and client, and securely exchanges the key between the server and client.
SSL change cipher spec protocol—Notifies the receiving party that the subsequent packets are to be
protected and transmitted based on the newly negotiated cipher suite and key.
SSL alert protocol—Sends alert messages to the receiving party. An alert message contains the alert
severity level and a description.
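The four sub-protocols above can be seen together in a small model of the record layer. The following Python is an added example, not code from the HP guide or from the appliance. It follows the TLS 1.0 (SSL 3.1) record layout from RFC 2246, uses HMAC-SHA1 as the MAC, and substitutes an HMAC-based keystream for the negotiated cipher (an assumption made for illustration; it is not a cipher the device negotiates). It shows why the MAC covers the 64-bit sequence number: a tampered, replayed or reordered record fails verification, and the receiver answers with the alert protocol's fatal bad_record_mac message.

```python
import hashlib
import hmac
import struct

# Added example (not from the HP guide): a minimal model of the SSL/TLS 1.0
# record protocol, RFC 2246 section 6.2 -- fragment, then MAC, then encrypt.

MAX_FRAGMENT = 2 ** 14                # record-layer fragment limit
VERSION_TLS10 = b"\x03\x01"           # TLS 1.0 is SSL 3.1 on the wire
CT_CHANGE_CIPHER_SPEC = 20
CT_ALERT = 21
CT_HANDSHAKE = 22
CT_APPLICATION_DATA = 23
MAC_LEN = hashlib.sha1().digest_size  # 20 bytes for HMAC-SHA1

# Alert protocol: one byte of severity level and one byte of description.
ALERT_WARNING, ALERT_FATAL = 1, 2
ALERT_BAD_RECORD_MAC = 20
CHANGE_CIPHER_SPEC_MSG = b"\x01"      # the entire change cipher spec message


def alert_message(level: int, description: int) -> bytes:
    return bytes([level, description])


def fragment(data: bytes, limit: int = MAX_FRAGMENT) -> list:
    """Record protocol step 1: split upper-layer data into fragments <= limit."""
    return [data[i:i + limit] for i in range(0, len(data), limit)] or [b""]


def record_mac(mac_key: bytes, seq: int, ctype: int, frag: bytes) -> bytes:
    """Step 2: HMAC over seq_num || type || version || length || fragment.
    Covering the sequence number is what makes replay and reordering detectable."""
    header = struct.pack("!QB2sH", seq, ctype, VERSION_TLS10, len(frag))
    return hmac.new(mac_key, header + frag, hashlib.sha1).digest()


def keystream(enc_key: bytes, seq: int, n: int) -> bytes:
    """Stand-in stream cipher for step 3 (assumption, illustration only):
    HMAC-SHA256 in counter mode. A real SSL server policy negotiates a cipher
    suite such as AES or RC4 for this step instead."""
    out = b""
    block = 0
    while len(out) < n:
        out += hmac.new(enc_key, struct.pack("!QQ", seq, block), hashlib.sha256).digest()
        block += 1
    return out[:n]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def protect(keys: dict, seq: int, ctype: int, frag: bytes) -> bytes:
    """Build one protected record: 5-byte header + Enc(fragment || MAC)."""
    mac = record_mac(keys["mac"], seq, ctype, frag)
    body = xor(frag + mac, keystream(keys["enc"], seq, len(frag) + MAC_LEN))
    return struct.pack("!B2sH", ctype, VERSION_TLS10, len(body)) + body


def unprotect(keys: dict, seq: int, record: bytes) -> tuple:
    """Reverse protect(); raises ValueError on a malformed record or MAC mismatch."""
    if len(record) < 5:
        raise ValueError("short record")
    ctype, version, length = struct.unpack("!B2sH", record[:5])
    body = record[5:5 + length]
    if version != VERSION_TLS10 or len(body) != length or length < MAC_LEN:
        raise ValueError("bad record header")
    plain = xor(body, keystream(keys["enc"], seq, length))
    frag, mac = plain[:-MAC_LEN], plain[-MAC_LEN:]
    if not hmac.compare_digest(mac, record_mac(keys["mac"], seq, ctype, frag)):
        raise ValueError("bad_record_mac")
    return ctype, frag


def send(keys: dict, data: bytes, ctype: int = CT_APPLICATION_DATA, seq: int = 0) -> list:
    """Sender side: fragment, then protect each fragment under its own sequence number."""
    return [protect(keys, seq + i, ctype, f) for i, f in enumerate(fragment(data))]


def receive(keys: dict, records: list, seq: int = 0) -> tuple:
    """Receiver side: (data, None) on success, or (None, alert) where alert is the
    fatal bad_record_mac alert message the receiver would send back."""
    out = b""
    for i, rec in enumerate(records):
        try:
            _, frag = unprotect(keys, seq + i, rec)
        except ValueError:
            return None, alert_message(ALERT_FATAL, ALERT_BAD_RECORD_MAC)
        out += frag
    return out, None


if __name__ == "__main__":
    # Constructed sample keys and data; 2^14 + 10 bytes forces two records.
    keys = {"mac": b"m" * 20, "enc": b"e" * 32}
    records = send(keys, b"A" * (MAX_FRAGMENT + 10))
    print(len(records), "records; intact stream accepted:", receive(keys, records)[1] is None)
    print("reordered stream accepted:", receive(keys, records[::-1])[1] is None)
```

The receiver keeps its own sequence counter rather than trusting anything in the record, which is why the reordered delivery in the usage block is rejected even though every record is individually authentic.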
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see Access Control Configuration Guide.
Configuration task list

Task                                Remarks
Configuring an SSL server policy    Required.
Configuring an SSL client policy    Optional.
Configuring an SSL server policy
An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server policy
takes effect only after it is associated with an application such as HTTPS.
SSL versions include SSL 2.0, SSL 3.0, and TLS 1.0 (or SSL 3.1). When the device acts as the SSL server,
it can communicate with clients running SSL 3.0 or TLS 1.0, and can identify the SSL 2.0 Client Hello
message from a client supporting both SSL 2.0 and SSL 3.0/TLS 1.0, and notify the client to use SSL 3.0
or TLS 1.0 for communication.
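The behaviour described in the last paragraph, a server that recognizes an SSL 2.0-format Client Hello from a client that also supports SSL 3.0/TLS 1.0 and steers it to one of those versions, can be modelled in a few lines. The Python below is an added example, not code from the HP guide or from the appliance. It assumes only the public wire formats: the SSL 2.0 CLIENT-HELLO (2-byte length header with the high bit set, message type 0x01, then the highest version the client supports) and the SSL 3.0/TLS 1.0 handshake record (content type 0x16, then a ClientHello carrying client_version). The two builders produce constructed sample messages, and classify_client_hello returns the version a server limited to SSL 3.0 and TLS 1.0 would answer with, or None for a client that only speaks SSL 2.0.

```python
import struct

# Added example (not from the HP guide): recognizing the Client Hello format
# and version a server supporting only SSL 3.0 and TLS 1.0 should negotiate.

SSL_2_0 = (0, 2)
SSL_3_0 = (3, 0)
TLS_1_0 = (3, 1)   # TLS 1.0 is carried as SSL 3.1 on the wire


def build_v2_client_hello(client_version, cipher_specs, challenge):
    """Constructed SSL 2.0-format CLIENT-HELLO. client_version is the highest
    version the client supports, so a client that also speaks TLS 1.0 puts (3, 1)
    here even though the message itself uses the SSL 2.0 layout."""
    specs = b"".join(cipher_specs)           # 3 bytes per cipher spec in this format
    body = (b"\x01" + bytes(client_version)
            + struct.pack("!HHH", len(specs), 0, len(challenge))
            + specs + challenge)
    return struct.pack("!H", 0x8000 | len(body)) + body


def build_v3_client_hello(record_version, client_version):
    """Constructed SSL 3.0/TLS 1.0 ClientHello inside a handshake record, with
    the minimum fields: one cipher suite and null compression."""
    hello = (bytes(client_version) + bytes(32)          # client_version, random
             + b"\x00"                                   # empty session id
             + struct.pack("!H", 2) + b"\x00\x2f"        # one cipher suite
             + b"\x01\x00")                              # null compression
    handshake = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + bytes(record_version) + struct.pack("!H", len(handshake)) + handshake


def classify_client_hello(data: bytes) -> dict:
    """Identify the hello format and pick the version to answer with."""
    if len(data) >= 5 and data[0] & 0x80 and data[2] == 0x01:
        fmt, client_version = "sslv2", (data[3], data[4])
    elif len(data) >= 11 and data[0] == 0x16 and data[5] == 0x01:
        # Read client_version from the ClientHello body, not the record header;
        # clients commonly send a 3.0 record header with a 3.1 ClientHello.
        fmt, client_version = "sslv3", (data[9], data[10])
    else:
        return {"format": "unknown", "client_version": None, "negotiated": None}
    negotiated = None
    if client_version >= SSL_3_0:
        negotiated = TLS_1_0 if client_version >= TLS_1_0 else SSL_3_0
    return {"format": fmt, "client_version": client_version, "negotiated": negotiated}


if __name__ == "__main__":
    # Constructed sample: an SSL 2.0-format hello from a client that also supports TLS 1.0.
    hello = build_v2_client_hello(TLS_1_0, [b"\x00\x00\x2f", b"\x01\x00\x80"], b"\x11" * 16)
    print(classify_client_hello(hello))
    print(classify_client_hello(build_v2_client_hello(SSL_2_0, [b"\x01\x00\x80"], b"\x00" * 16)))
```

A pure SSL 2.0 client advertises (0, 2) and gets no negotiated version, which matches the guide's statement that the device only talks to clients running SSL 3.0 or TLS 1.0.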