Chapter 5 Securing Your Enterprise Server

Setting Security Preferences

Once you have a certificate, you can begin securing your server. Several security elements are provided by Enterprise Server.

Encryption is the process of transforming information so it is unintelligible to anyone but the intended recipient. Decryption is the process of transforming encrypted information so that it is intelligible again. Enterprise Server 6.0 supports the SSL and TLS encryption protocols.

A cipher is a cryptographic algorithm (a mathematical function) used for encryption or decryption. The SSL and TLS protocols contain numerous cipher suites. Some ciphers are stronger and more secure than others. Generally speaking, the more bits a cipher uses, the harder it is to decrypt the data.

In any two-way encryption process, both parties must use the same ciphers. Because a number of ciphers are available, you need to enable your server for those most commonly used.

During a secure connection, the client and the server agree to use the strongest cipher they both have for communication. You can choose ciphers from the SSL2, SSL3, and TLS protocols.

The encryption process alone isn’t enough to secure your server’s confidential information. A key must be used with the encrypting cipher to produce the actual encrypted result, or to decrypt previously encrypted information. The encryption process uses two keys to achieve this result: a public key and a private key. Information encrypted with a public key can be decrypted only with the associated private key. The public key is published as part of a certificate; only the associated private key is safeguarded.

For a description of the various cipher suites, and more information about keys and certificates, see Managing Servers with Netscape Console.

To specify which ciphers your server can use, check them in the list. Unless you have a compelling reason not to use a specific cipher, you should check them all. However, you may not wish to enable ciphers with less than optimal encryption.

NOTE: Improvements to security and performance were made after SSL version 2.0; you should not use SSL 2 unless you have clients that are not capable of using SSL 3. Client certificates are not guaranteed to work with SSL 2 ciphers.
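The following added example (not part of the original guide or of Enterprise Server) is a simplified model of the cipher agreement described above: it shows what a "check them all" list lets a weak client negotiate, and what happens to export-only or SSL 2-only clients once weak ciphers and SSL 2 are left unchecked. The suite list, the client offers, the 128-bit threshold and the function names are assumptions constructed for illustration.

```python
# Added illustration: a simplified model of cipher agreement, not server code.
from typing import List, NamedTuple, Optional

class Suite(NamedTuple):
    name: str
    protocol: str  # "SSL2", "SSL3" or "TLS"
    bits: int      # effective key length in bits

# Constructed sample: every cipher checked in the server's list.
SERVER_CHECKED = [
    Suite("SSL_CK_RC4_128_WITH_MD5", "SSL2", 128),
    Suite("SSL_CK_RC4_128_EXPORT40_WITH_MD5", "SSL2", 40),
    Suite("SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL3", 168),
    Suite("SSL_RSA_WITH_RC4_128_MD5", "SSL3", 128),
    Suite("SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL3", 40),
]

# Constructed client offers (cipher names each client can use).
CURRENT_CLIENT = ["SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_MD5"]
EXPORT_CLIENT = ["SSL_RSA_EXPORT_WITH_RC4_40_MD5"]
SSL2_ONLY_CLIENT = ["SSL_CK_RC4_128_WITH_MD5"]

def enabled(checked: List[Suite], allow_ssl2: bool = False,
            min_bits: int = 128) -> List[Suite]:
    """Leave SSL 2 and below-threshold ciphers unchecked."""
    return [s for s in checked
            if s.bits >= min_bits and (allow_ssl2 or s.protocol != "SSL2")]

def negotiate(server: List[Suite], client_names: List[str]) -> Optional[Suite]:
    """Return the strongest suite both sides have, or None if they share none."""
    offered = set(client_names)
    common = [s for s in server if s.name in offered]
    return max(common, key=lambda s: s.bits, default=None)

def describe(result: Optional[Suite]) -> str:
    if result is None:
        return "no shared cipher, connection fails"
    return f"{result.name} ({result.protocol}, {result.bits} bits)"

if __name__ == "__main__":
    hardened = enabled(SERVER_CHECKED)
    clients = [("current", CURRENT_CLIENT), ("export-only", EXPORT_CLIENT),
               ("SSL2-only", SSL2_ONLY_CLIENT)]
    for label, offer in clients:
        print(f"{label:12} all checked: {describe(negotiate(SERVER_CHECKED, offer))}")
        print(f"{label:12} hardened:    {describe(negotiate(hardened, offer))}")
```

Real handshakes also fix the protocol version before choosing a suite; the model ignores that step and ranks only by key length.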