R0106-HP MSR Router Series Security Configuration Guide(V7)
Figure 106 SSL protocol stack
The following describes the major functions of SSL protocols:
• SSL record protocol—Fragments data received from the upper layer, computes and adds MAC to
the data, and encrypts the data.
• SSL handshake protocol—Negotiates the cipher suite used for secure communication, authenticates
the server and client, and securely exchanges the keys between the server and client. The cipher
suite that needs to be negotiated includes the symmetric encryption algorithm, key exchange
algorithm, and MAC algorithm.
• SSL change cipher spec protocol—Notifies the receiver that subsequent packets are to be protected
based on the negotiated cipher suite and key.
• SSL alert protocol—Sends alert messages to the receiving party. An alert message contains the alert
severity level and a description.
FIPS compliance
The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non-FIPS mode.
Security strength
By default, the device provides low encryption. To obtain high encryption, you must install the Strong
Cryptography feature license. This feature provides stronger cryptography, additional IPsec tunnels, and
higher encryption performance. For more information about obtaining the Strong Cryptography feature
license, see the release notes or contact your HP sales representative.
Support for features, commands, and parameters differs with the cryptography capability.
SSL configuration task list
Tasks at a glance | Remarks
Configuring an SSL server policy | Perform this configuration task on the SSL server.
Configuring an SSL client policy | Perform this configuration task on the SSL client.
Configuring an SSL server policy
An SSL server policy comprises a set of SSL parameters used by the SSL server. An SSL server policy takes
effect only after it is associated with an application such as HTTPS.