iTP Secure WebServer System Administrator's Guide (iTPWebSvr 6.0+)

Security Concepts
iTP Secure WebServer System Administrator’s Guide—523346-002
Private Communications Technology (PCT)
The Private Communications Technology (PCT) protocol is the Microsoft version of the
SSL protocol. The two protocols are very similar and use the same port to accept
requests.
You can configure your server to accept SSL, PCT, or both, using the
AcceptSecureTransport configuration directive (the default is to accept both SSL
and PCT). For example, to allow only PCT requests, use the following directive:
AcceptSecureTransport -nossl
You can use the RequireSecureTransport Region command to limit access to a
certain region to SSL or PCT requests (again, the default is to allow both types of
requests). For example, to allow only SSL requests within a certain region, use the
following script:
Region /cookbook/secret-recipes.html {
    RequireSecureTransport -nopct
}
Other than limiting server processing, region access, or both to either PCT or SSL, the
deployment of SSL and PCT is identical.
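The following Python check is an added example, not part of the guide or the product: it reads a configuration that uses the two directives above and reports which secure protocols can actually reach each region, which exposes the case where a server-level -nossl combined with a region-level -nopct leaves a region unreachable. It assumes a single server-level AcceptSecureTransport line, Region blocks laid out as in the script above, and "#" comment lines; the path /cookbook/index.html and all function names are constructed for illustration.

```python
import re

# Flags shown in the guide; each one removes a protocol from the allowed set.
FLAGS = {"-nossl": "SSL", "-nopct": "PCT"}

# Constructed sample configuration (only the first region comes from the guide).
SAMPLE = """\
AcceptSecureTransport -nossl
Region /cookbook/secret-recipes.html {
    RequireSecureTransport -nopct
}
Region /cookbook/index.html {
    RequireSecureTransport
}
"""

def allowed(args):
    """Protocols left after applying any -nossl / -nopct flags in args."""
    return {"SSL", "PCT"} - {FLAGS[a] for a in args if a in FLAGS}

def audit(config_text):
    """Return (server_protocols, {region_path: effective_protocols})."""
    server = {"SSL", "PCT"}              # default: accept both
    regions, current = {}, None          # current = Region block being read
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"Region\s+(\S+)\s*\{$", line)
        if m:
            current = m.group(1)
            regions[current] = {"SSL", "PCT"}   # region default: both
        elif line == "}":
            current = None
        elif line.split()[0] == "AcceptSecureTransport" and current is None:
            server = allowed(line.split()[1:])
        elif line.split()[0] == "RequireSecureTransport" and current is not None:
            regions[current] = allowed(line.split()[1:])
    # A request must satisfy the server-level and the region-level restriction.
    return sorted(server), {p: sorted(r & server) for p, r in regions.items()}

def unreachable(config_text):
    """Regions that no secure protocol can reach under this configuration."""
    return [p for p, protos in audit(config_text)[1].items() if not protos]

if __name__ == "__main__":
    server, regions = audit(SAMPLE)
    print("server accepts:", server)
    print("per region:", regions, "unreachable:", unreachable(SAMPLE))
```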
Comparing SSL and PCT
This section compares the design and relative advantages of SSL and PCT.
Design Goals
SSL was designed to provide a secure channel between a web client and a server for
all communications. The entire data stream between the web client and the server is
encrypted; clients and servers do not negotiate about the application of particular
security enhancements to individual documents. In most cases, clients can verify that
servers have a certificate issued by a trusted CA; however, servers cannot likewise
authenticate clients.
The design goals of PCT are similar to those of SSL. An additional goal was to improve
the security of the SSL protocol. See the PCT and SSL protocol specifications for
details.
Relative Advantages
SSL and PCT both provide private communications. They each allow user names and
passwords to be carried in encrypted messages for authentication.
In choosing a protocol for your server, in addition to considering relative advantages,
you also need to consider which protocol your clients will be using. The best solution is
for your server to be able to service both protocols to the fullest extent possible.