Figure 62 SSL protocol stack

The following describes the major functions of SSL protocols:

• SSL record protocol—Fragments data received from the upper layer, computes and adds MAC to the data, and encrypts the data.
• SSL handshake protocol—Negotiates the cipher suite used for secure communication (including the symmetric encryption algorithm, key exchange algorithm, and MAC algorithm), authenticates the server and client, and securely exchanges the key between the server and client. The client and server use the SSL handshake protocol to establish a session that comprises a set of parameters, including the session ID, peer digital certificate, cipher suite, and master secret.
• SSL change cipher spec protocol—Notifies the receiving party that the subsequent packets are to be protected and transmitted based on the newly negotiated cipher suite and key.
• SSL alert protocol—Sends alert messages to the receiving party. An alert message contains the alert severity level and a description.

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features, commands, and parameters might differ in FIPS mode (see "Configuring FIPS") and non-FIPS mode.

SSL configuration task list

| Tasks at a glance | Remarks |
|---|---|
| Configuring an SSL server policy | Perform this configuration task on the SSL server. |
| Configuring an SSL client policy | Perform this configuration task on the SSL client. |

Configuring an SSL server policy

An SSL server policy comprises a set of SSL parameters used by the SSL server. An SSL server policy takes effect only after it is associated with an application.

NOTE:
SSL versions include SSL 2.0, SSL 3.0, and TLS 1.0 (or SSL 3.1). When the device acts as the SSL server, it can communicate with clients running SSL 3.0 or TLS 1.0, and can identify the SSL 2.0 Client Hello message from a client supporting both SSL 2.0 and SSL 3.0/TLS 1.0, and notify the client to use SSL 3.0 or TLS 1.0 for communication.
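
The four protocols listed above, and the SSL 2.0 Client Hello identification described in the NOTE, can be told apart from the first bytes on the wire. The following is an added example, not code from this manual or from the device: the function name, dictionary keys, and sample bytes are constructed for illustration, while the content-type and alert-level numbers are those of the SSL 3.0/TLS 1.0 specifications.

```python
import struct

# Values from the SSL 3.0 / TLS 1.0 specifications.
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
VERSIONS = {(0, 2): "SSL 2.0", (3, 0): "SSL 3.0", (3, 1): "TLS 1.0"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}


def classify(buf: bytes) -> dict:
    """Classify the first record in buf (hypothetical helper for illustration)."""
    if len(buf) < 5:
        raise ValueError("need at least 5 bytes of header")
    # SSL 2.0 Client Hello: 2-byte header with the high bit set, message
    # type 1, then the highest version the client is willing to use.
    if buf[0] & 0x80 and buf[2] == 1:
        offered = VERSIONS.get((buf[3], buf[4]), "unknown")
        return {"format": "SSL 2.0 Client Hello",
                "length": ((buf[0] & 0x7F) << 8) | buf[1],
                "offered": offered,
                # The server in the NOTE can only move the client to these.
                "upgradable": offered in ("SSL 3.0", "TLS 1.0")}
    ctype, major, minor, length = struct.unpack("!BBBH", buf[:5])
    if ctype not in CONTENT_TYPES or major != 3:
        raise ValueError("not an SSL 3.0/TLS record")
    if length > 2**14 + 2048:
        raise ValueError("record length exceeds the protocol maximum")
    info = {"format": "record", "protocol": CONTENT_TYPES[ctype],
            "version": VERSIONS.get((major, minor), f"3.{minor}"),
            "length": length}
    body = buf[5:5 + length]
    # Alert fields are readable only while the record is still unencrypted,
    # that is, before change cipher spec has taken effect.
    if ctype == 21 and len(body) == 2:
        info["level"] = ALERT_LEVELS.get(body[0], "unknown")
        info["description"] = body[1]
    return info


# Constructed sample bytes, not captured traffic.
V2_HELLO_TLS10 = bytes.fromhex("802e01" "0301" "0015" "0000" "0010") + bytes(37)
V2_HELLO_ONLY = bytes.fromhex("802e01" "0002" "0015" "0000" "0010") + bytes(37)
FATAL_ALERT = bytes.fromhex("15" "0301" "0002" "0228")  # handshake_failure (40)
CHANGE_CIPHER_SPEC = bytes.fromhex("14" "0301" "0001" "01")

if __name__ == "__main__":
    for sample in (V2_HELLO_TLS10, V2_HELLO_ONLY, FATAL_ALERT, CHANGE_CIPHER_SPEC):
        print(classify(sample))
```

A hello whose offered version is SSL 2.0 alone is reported as not upgradable, which is the case the NOTE leaves outside what the server can serve.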