SSL
Introduction
Secure Sockets Layer (SSL) is a cryptographic protocol that provides communication security for TCP-based application layer protocols such as HTTP. SSL has been widely used in applications such as e-business and online banking to provide secure data transmission over the Internet.
SSL provides the following security services:
· Privacy—SSL uses a symmetric encryption algorithm to encrypt data. It uses the asymmetric key algorithm of RSA to encrypt the key used by the symmetric encryption algorithm.
· Authentication—SSL uses certificate-based digital signatures to authenticate the SSL server and client. The SSL server and client obtain digital certificates through PKI.
· Integrity—SSL uses the message authentication code (MAC) to verify message integrity.
Restrictions and guidelines
· The SSL protocol versions include SSL 2.0, SSL 3.0, TLS 1.0 (or SSL 3.1), TLS 1.1, TLS 1.2, TLS 1.3, and GM-TLS1.1. As an SSL server, the device can communicate with clients running SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2, TLS 1.3, or GM-TLS1.1. When the server receives an SSL 2.0 Client Hello message from a client, it notifies the client to use a later SSL version for communication.
· An SSL server policy defines a set of SSL parameters used by the SSL server, including the PKI domain, the supported cipher suites, and the preferred order for cipher suite negotiation. An SSL server policy takes effect only after it is associated with an application such as HTTPS.
You can specify two PKI domains for an SSL server policy. The SSL server will select a PKI domain that matches the client's certificate configuration to perform SSL negotiation with the client.
You can specify the client-preferred order or the server-preferred order for cipher suite negotiation in the SSL negotiation process. By default, the client-preferred order is used. If the client-preferred order is used, the SSL server uses the client's cipher suites one by one to match the server's cipher suites until a match is found. If no match is found, the negotiation fails. If the server-preferred order is used, the SSL server uses its own cipher suites one by one to match the client's cipher suites until a match is found. If no match is found, the negotiation fails.
· An SSL client policy defines a set of SSL parameters used by the SSL client, including the PKI domain and the preferred cipher suite. The SSL client uses the settings in the client policy to establish a connection to the server. An SSL client policy takes effect only after it is associated with an application, such as DDNS.
· If the configuration in an SSL server or client policy changes, you must re-enable the services that use that SSL server or client policy to apply the new configuration.
· If you modify the SSL protocol version in Advanced Settings, you must re-enable the services that use the default SSL policy to apply the new SSL protocol version.
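The following added example (not part of the original document and not the device's own code) models the client-preferred and server-preferred cipher suite negotiation orders described above, and shows where the two orders select different suites for the same client. The function names, the client labels, and the suite lists are constructed for illustration; the suite names are standard IANA names, not the device's configuration keywords.

```python
"""Model of client-preferred vs. server-preferred cipher suite negotiation."""


def negotiate(client_suites, server_suites, server_preferred=False):
    """Return the first common suite in the chosen preference order.

    Client-preferred: walk the client's list and match against the server's.
    Server-preferred: walk the server's list and match against the client's.
    Returns None when no common suite exists (the negotiation fails).
    """
    if server_preferred:
        ordered, candidates = server_suites, set(client_suites)
    else:
        ordered, candidates = client_suites, set(server_suites)
    for suite in ordered:
        if suite in candidates:
            return suite
    return None


def compare_orders(clients, server_suites):
    """Map each client to (client-preferred result, server-preferred result)."""
    return {
        name: (negotiate(offer, server_suites, server_preferred=False),
               negotiate(offer, server_suites, server_preferred=True))
        for name, offer in clients.items()
    }


# Constructed sample data: a server policy list in the administrator's order
# of preference, and three hypothetical client offers.
SERVER = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
CLIENTS = {
    "modern": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
               "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"],
    "legacy-first": ["TLS_RSA_WITH_AES_128_CBC_SHA",
                     "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"],
    "no-overlap": ["TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
}

if __name__ == "__main__":
    for name, (by_client, by_server) in compare_orders(CLIENTS, SERVER).items():
        flag = "DIFFERS" if by_client != by_server else "same"
        print(f"{name}: client-preferred={by_client} "
              f"server-preferred={by_server} [{flag}]")
```

With the default client-preferred order, the "legacy-first" client ends up on the last suite in the server's list even though both sides support the first one. Under the server-preferred order the server's first suite is selected.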