95 SSL CONFIGURATION

When configuring SSL, go to these sections for information you are interested in:

■ "SSL Overview"
■ "SSL Configuration Task List"
■ "Displaying and Maintaining SSL"
■ "Troubleshooting SSL"

SSL Overview

Secure Sockets Layer (SSL) is a security protocol that provides a secure connection service for TCP-based application layer protocols such as HTTP. It is widely used in e-business and online banking to provide secure data transmission over the Internet.

SSL provides these security services:

■ Confidentiality: SSL encrypts data using a symmetric encryption algorithm and the key generated during the handshake phase.
■ Authentication: SSL supports authenticating both the server and the client through certificates, with the authentication of the client being optional.
■ Reliability: SSL uses a key-based message authentication code (MAC) to verify message integrity.

As shown in Figure 357, the SSL protocol consists of two layers of protocols: the SSL record protocol at the lower layer and the SSL handshake protocol, change cipher spec protocol, and alert protocol at the upper layer.

Figure 357 SSL protocol stack (layers from top to bottom)

    Application layer protocol (e.g. HTTP)
    SSL handshake protocol | SSL change cipher spec protocol | SSL alert protocol
    SSL record protocol
    TCP
    IP

■ SSL handshake protocol: Responsible for establishing a session between a client and the server. A session consists of a set of parameters such as the session ID, peer certificate, cipher suite (including key exchange algorithm, data encryption algorithm and MAC algorithm), compression algorithm, and master key. An SSL session can be used to establish multiple connections, reducing session negotiation cost.
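
The two-layer structure described above is visible on the wire: every SSL record begins with a 5-byte header whose first byte names the upper-layer protocol it carries. The following Python example is added here and is not from the original manual; the function name split_records and the sample byte stream are constructed for illustration.

```python
import struct

# Content-type byte of the record header -> upper-layer protocol (SSL 3.0 / TLS values).
UPPER_LAYER = {
    20: "change cipher spec protocol",
    21: "alert protocol",
    22: "handshake protocol",
    23: "application data",
}
MAX_FRAGMENT = 2**14 + 2048  # largest fragment a record may carry (ciphertext limit)


def split_records(stream: bytes):
    """Split a TCP byte stream into SSL records.

    Returns (records, leftover): records is a list of
    (protocol, (major, minor), fragment); leftover is an incomplete tail
    that must be kept until more TCP data arrives.
    """
    records, pos = [], 0
    while len(stream) - pos >= 5:
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, pos)
        if ctype not in UPPER_LAYER:
            raise ValueError(f"unknown content type {ctype} at offset {pos}")
        if major != 3:
            raise ValueError(f"unexpected protocol version {major}.{minor}")
        if length > MAX_FRAGMENT:
            raise ValueError(f"record length {length} exceeds limit")
        end = pos + 5 + length
        if end > len(stream):
            break  # header seen, fragment not complete yet
        records.append((UPPER_LAYER[ctype], (major, minor), stream[pos + 5:end]))
        pos = end
    return records, stream[pos:]


# Constructed sample stream (SSL 3.0 record headers, not a real capture).
SAMPLE = (
    bytes([22, 3, 0, 0, 4]) + b"\x0e\x00\x00\x00"  # handshake: server_hello_done
    + bytes([20, 3, 0, 0, 1]) + b"\x01"            # change cipher spec
    + bytes([21, 3, 0, 0, 2]) + b"\x01\x00"        # alert: warning, close_notify
    + bytes([23, 3, 0, 0, 8]) + b"\xaa\xbb"        # application data, truncated
)

if __name__ == "__main__":
    recs, rest = split_records(SAMPLE)
    for proto, ver, frag in recs:
        print(f"SSL {ver[0]}.{ver[1]} {proto}: {frag.hex()}")
    print(f"{len(rest)} byte(s) buffered for the next read")
```

The last record in the sample declares 8 bytes but only 2 are present, so it is returned as leftover rather than parsed.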