1 SSL Configuration

When configuring SSL, go to these sections for information you are interested in:

- SSL Overview
- SSL Configuration Task List
- Displaying and Maintaining SSL
- Troubleshooting SSL

SSL Overview

Secure Sockets Layer (SSL) is a security protocol providing secure connection service for TCP-based application layer protocols, for example, HTTP. It is widely used in e-business and online banking to provide secure data transmission over the Internet.

SSL Security Mechanism

SSL provides these security services:

- Confidentiality: SSL uses a symmetric encryption algorithm to encrypt data and uses the asymmetric key algorithm of Rivest, Shamir, and Adleman (RSA) to encrypt the key to be used by the symmetric encryption algorithm.
- Authentication: SSL supports certificate-based identity authentication of the server and client by using digital signatures, with the authentication of the client being optional. The SSL server and client obtain certificates from a certificate authority (CA) through the Public Key Infrastructure (PKI).
- Reliability: SSL uses the key-based message authentication code (MAC) to verify message integrity. A MAC algorithm transforms a message of any length into a fixed-length message. Figure 1-1 illustrates how SSL uses a MAC algorithm to verify message integrity. With the key, the sender uses the MAC algorithm to compute the MAC value of a message. Then, the sender appends the MAC value to the message and sends the result to the receiver. The receiver uses the same key and MAC algorithm to compute the MAC value of the received message, and compares the locally computed MAC value with the one received. If the two match, the receiver considers the message intact; otherwise, the receiver considers that the message has been tampered with in transit and discards the message.

Figure 1-1 Message integrity verification by a MAC algorithm
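The send-and-verify flow that Figure 1-1 describes, as an added example that is not part of the original manual. It assumes HMAC-SHA256 as the MAC algorithm (the manual does not name one); the function names `protect` and `verify`, the key and the message are constructed for illustration, and only the append-and-compare step is shown, not the SSL record format.

```python
import hashlib
import hmac
from typing import Optional

MAC_LEN = hashlib.sha256().digest_size  # 32 bytes; HMAC-SHA256 is an assumption


def protect(key: bytes, message: bytes) -> bytes:
    """Sender side: compute the MAC with the shared key and append it."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify(key: bytes, received: bytes) -> Optional[bytes]:
    """Receiver side: return the message if intact, None if it must be discarded."""
    if len(received) < MAC_LEN:
        return None  # too short to carry a MAC at all
    message, tag = received[:-MAC_LEN], received[-MAC_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    if not hmac.compare_digest(expected, tag):
        return None
    return message


def demo() -> dict:
    """Run the receiver check on intact, altered and truncated input."""
    key = b"constructed-shared-key"                      # constructed sample key
    wire = protect(key, b"transfer 100 to account 42")   # constructed message
    tampered = wire.replace(b"100", b"900")              # altered in transit
    return {
        "intact": verify(key, wire),
        "tampered": verify(key, tampered),
        "wrong_key": verify(b"other-key", wire),
        "truncated": verify(key, wire[:10]),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        status = "accepted" if result is not None else "discarded"
        print(f"{case:10s} -> {status}")
```

Only the intact message is accepted; a changed byte, a different key, or a truncated message all fail the comparison and are discarded, as the receiver does in the figure.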