F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Network Management Configuration Guide-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module

961

962

963

964

965

966

967

968

969

970

944

Figure 416 SSL protocol stack

• SSL record protocol—Fragments data to be transmitted, computes and adds MAC to the data, and

encrypts the data before transmitting it to the peer end.

• SSL handshake protocol—Negotiates the cipher suite to be used for secure communication

(including the symmetric encryption algorithm, key exchange algorithm, and MAC algorithm),

securely exchanges the key between the server and client, and implements identity authentication

of the server and client. Through the SSL handshake protocol, a session is established between a

client and the server. A session consists of a set of parameters, including the session ID, peer

certificate, cipher suite, and master secret.

• SSL change cipher spec protocol—Used for notification between the client and the server that the

subsequent packets are to be protected and transmitted based on the newly negotiated cipher suite

and key.

• SSL alert protocol—Enables the SSL client and server to send alert messages to each other. An alert

message contains the alert severity level and a description.

353B

Configuration task list

Task Remarks

3081H

Configuring an SSL server policy Required.

3082H

Configuring an SSL client policy Optional.

354B

Configuring an SSL server policy

An SSL server policy is a set of SSL parameters for a server to use when booting up. An SSL server policy

takes effect only after it is associated with an application such as HTTPS.

SSL versions include SSL 2.0, SSL 3.0, and TLS 1.0 (or SSL 3.1). When the device acts as the SSL server,

it can communicate with clients running SSL 3.0 or TLS 1.0, and can identify the SSL 2.0 Client Hello

message from a client supporting both SSL 2.0 and SSL 3.0/TLS 1.0, and notify the client to use SSL 3.0

or TLS 1.0 for communication.

To configure an SSL server policy:

Ste

Command

Remarks

1621. Enter system view. system-view N/A

1622. Create an SSL server

policy and enter its view.

ssl server-policy policy-name N/A