104 SSL CONFIGURATION

When configuring SSL, go to these sections for information you are interested in:

■ “SSL Overview”
■ “SSL Configuration Task List”
■ “Configuring an SSL Server Policy”
■ “Configuring an SSL Client Policy”
■ “Displaying and Maintaining SSL”
■ “Troubleshooting SSL”

SSL Overview

Secure Sockets Layer (SSL) is a security protocol that provides secure connection service for TCP-based application layer protocols, for example, HTTP. It is widely used in e-business and online banking to provide secure data transmission over the Internet.

SSL provides these security services:

■ Confidentiality: SSL encrypts data using a symmetric encryption algorithm and the key generated during the handshake phase.
■ Authentication: SSL supports authenticating both the server and the client through certificates, with the authentication of the client being optional.
■ Reliability: SSL uses a key-based message authentication code (MAC) to verify message integrity.

As shown in Figure 573, the SSL protocol consists of two layers of protocols: the SSL record protocol at the lower layer and the SSL handshake protocol, change cipher spec protocol, and alert protocol at the upper layer.

■ SSL handshake protocol: Responsible for establishing a session between a client and the server. A session consists of a set of parameters such as the session ID, peer certificate, cipher suite (including key exchange algorithm, data encryption algorithm and MAC algorithm), compression algorithm, and master

Figure 573 SSL protocol stack (layers, top to bottom: application layer protocol (e.g. HTTP); SSL handshake protocol, SSL change cipher spec protocol and SSL alert protocol; SSL record protocol; TCP; IP)
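The two-layer structure described above, as an added example that is not part of the original manual: a Python parser that splits a captured byte stream into SSL records and names the upper-layer protocol each record carries. The 5-byte record header layout and the content-type values 20 to 23 are taken from the SSL 3.0/TLS specifications rather than from this page, and the sample bytes are constructed.

```python
import struct

# Content types carried by the SSL record protocol (SSL 3.0 / TLS).
CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
MAX_FRAGMENT = 2**14 + 2048  # largest protected fragment a record may carry


def split_records(stream: bytes):
    """Return (records, leftover) for a byte stream of SSL records.

    leftover holds a trailing partial record, which is normal when a
    record spans several TCP segments.
    """
    records, offset = [], 0
    while len(stream) - offset >= 5:
        # Header: content type (1), major/minor version (2), length (2).
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise ValueError(f"unknown content type {ctype} at offset {offset}")
        if major != 3 or length > MAX_FRAGMENT:
            raise ValueError(f"malformed record header at offset {offset}")
        end = offset + 5 + length
        if end > len(stream):
            break  # incomplete record: wait for more data
        records.append((CONTENT_TYPES[ctype], (major, minor), stream[offset + 5:end]))
        offset = end
    return records, stream[offset:]


# Constructed sample: handshake, change cipher spec, alert (fatal,
# handshake_failure) and a truncated application data record.
SAMPLE = (
    bytes.fromhex("16030000050100000100")  # handshake, 5-byte fragment
    + bytes.fromhex("140300000101")        # change_cipher_spec, value 1
    + bytes.fromhex("15030000020228")      # alert: level 2, description 40
    + bytes.fromhex("1703000010aabb")      # application_data: 16 declared, 2 present
)

if __name__ == "__main__":
    recs, rest = split_records(SAMPLE)
    for name, version, fragment in recs:
        print(f"{name:20s} version={version} len={len(fragment)}")
    print(f"leftover bytes: {len(rest)}")
```

Rejecting unknown content types and oversized lengths before reading the fragment keeps a malformed header from driving the parser past the data it actually holds.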