+7(495) 797-3311 www.qtech.ru Moscow, Novozavodskaya St., 18, bldg. 1

Chapter 44 SSL Configuration

44.1 Introduction to SSL

As computer networking spreads, network security has an ever greater effect on the availability and usability of networked applications, and it has become one of the biggest obstacles for modern networking applications.

To protect sensitive data transferred over the Web, Netscape introduced the Secure Sockets Layer (SSL) protocol for its Web browser. Two versions have been released, SSL 2.0 and SSL 3.0. SSL 2.0 is obsolete because of security problems and is not supported on the switch. SSL 3.0 has since been deprecated as well (RFC 7568) in favour of its successor, TLS; where a TLS version can be chosen, prefer it over SSL 3.0. SSL uses public-key cryptography and has become the industry standard for secure Web communication on the Internet. A Web browser combines HTTP with SSL (HTTPS) to communicate securely.

SSL is a security protocol that protects private data in transit over the Internet. It is designed for secure transmission between a client and a server, with mandatory authentication of the server and optional authentication of the client. SSL must run over a reliable transport layer (such as TCP). SSL is independent of the application layer: protocols such as HTTP, FTP and TELNET can be layered on top of SSL transparently. Before any application data is transmitted, the SSL handshake negotiates the encryption algorithm and the encryption keys and authenticates the server; once the negotiation is complete, all data transferred over the connection is encrypted.

The secure channel provided by SSL therefore has three characteristics:

Privacy. The cipher suite is negotiated first; all subsequent messages are encrypted with it.
Authentication. Client authentication is optional, but the server is always authenticated.
Reliability. Every transmitted message carries a message integrity check (a MAC), so tampering in transit is detected.

44.1.1 Basic Elements of SSL

The basic strategy of SSL is to provide a secure channel for arbitrary application data exchanged between two communicating programs. Conceptually, an SSL connection is like an encrypted TCP connection: SSL sits below the application layer and above TCP. If the lower layer delivers data reliably, the data written to the network arrives at the peer program in order, without loss or retransmission being visible to SSL. Many transport protocols could in principle provide such a service, but in practice SSL almost always runs over TCP and not directly over UDP or IP. The reliable, ordered transport is not optional: the SSL/TLS record layer includes an implicit record sequence number in each MAC, so a lost, duplicated or reordered record fails the integrity check and the connection is torn down.
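The following is an added illustration, not QTECH code and not a real SSL/TLS implementation: a simplified model of the behaviour described in 44.1 and 44.1.1. The server refuses SSLv2/SSLv3-only clients and negotiates a version and cipher suite, and the record layer then provides privacy (encryption), integrity (an HMAC) and ordering (the record sequence number is part of the MAC input), which is why a replayed or reordered record is rejected. The version list, suite names, keys and the SHA-256 counter-mode keystream are assumptions chosen for the example; real TLS derives its keys from the handshake and uses AES or ChaCha20.

```python
import hashlib
import hmac
import struct

# Constructed server policy for the example: SSL 2.0 and 3.0 are deliberately
# absent, mirroring the switch's refusal of the obsolete versions.
SUPPORTED_VERSIONS = ("TLSv1.2", "TLSv1.3")
SERVER_SUITE_PREFERENCE = (
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
)


def negotiate(client_versions, client_suites):
    """Pick the highest mutually supported version and the first suite in the
    server's preference order that the client also offers (server preference,
    as most servers are configured)."""
    common = [v for v in SUPPORTED_VERSIONS if v in client_versions]
    if not common:
        raise ValueError("no common protocol version (SSLv2/SSLv3 refused)")
    suite = next((s for s in SERVER_SUITE_PREFERENCE if s in client_suites), None)
    if suite is None:
        raise ValueError("no common cipher suite")
    return common[-1], suite


def _keystream(key, seq, length):
    """Toy keystream: SHA-256 in counter mode, keyed by the record sequence
    number so no two records reuse keystream. Illustrative only."""
    out, block = b"", 0
    while len(out) < length:
        out += hashlib.sha256(key + struct.pack(">QI", seq, block)).digest()
        block += 1
    return out[:length]


class RecordLayer:
    """One direction of a protected channel. Sender and receiver keep the same
    sequence counter, so a lost, replayed or reordered record makes the MAC
    check fail; this is why SSL needs a reliable, ordered transport."""

    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key, self.seq = enc_key, mac_key, 0

    def _mac(self, seq, ciphertext):
        # Sequence number is authenticated but never sent on the wire.
        return hmac.new(self.mac_key, struct.pack(">Q", seq) + ciphertext,
                        hashlib.sha256).digest()

    def protect(self, plaintext):
        ks = _keystream(self.enc_key, self.seq, len(plaintext))
        ct = bytes(p ^ k for p, k in zip(plaintext, ks))
        record = ct + self._mac(self.seq, ct)      # encrypt-then-MAC
        self.seq += 1
        return record

    def unprotect(self, record):
        ct, tag = record[:-32], record[-32:]
        if not hmac.compare_digest(tag, self._mac(self.seq, ct)):
            raise ValueError("bad MAC at seq %d" % self.seq)
        ks = _keystream(self.enc_key, self.seq, len(ct))
        self.seq += 1
        return bytes(c ^ k for c, k in zip(ct, ks))


def _pair():
    # Constructed keys; in real SSL/TLS they come out of the handshake.
    enc_key, mac_key = b"k" * 32, b"m" * 32
    return RecordLayer(enc_key, mac_key), RecordLayer(enc_key, mac_key)


def demo():
    """Handshake outcome plus two records, the second delivered twice."""
    version, suite = negotiate(("TLSv1.2", "TLSv1.3"), ("TLS_AES_256_GCM_SHA384",))
    sender, receiver = _pair()
    r1, r2 = sender.protect(b"GET / HTTP/1.1"), sender.protect(b"Host: switch")
    out = {"version": version, "suite": suite,
           "first": receiver.unprotect(r1), "second": receiver.unprotect(r2)}
    try:
        receiver.unprotect(r2)                      # replay of record 1
        out["replay_detected"] = False
    except ValueError:
        out["replay_detected"] = True
    return out


def sslv3_client_refused():
    try:
        negotiate(("SSLv3",), ("TLS_AES_256_GCM_SHA384",))
    except ValueError:
        return True
    return False


def tamper_detected():
    sender, receiver = _pair()
    rec = bytearray(sender.protect(b"admin=0"))
    rec[0] ^= 0x01                                 # flip one ciphertext bit
    try:
        receiver.unprotect(bytes(rec))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print(demo(), sslv3_client_refused(), tamper_detected())
```

Running the block negotiates TLSv1.3 with the assumed suite, decrypts both records correctly, and reports that the replayed record and the bit-flipped record are both rejected by the MAC; the SSLv3-only client never gets past negotiation.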