WB552: Random DataPower Thoughts Part 8

SSL: Message Confidentiality, Message Integrity and Non-Repudiation

The server always authenticates to the client. The client optionally authenticates to the server.

During an SSL handshake the two sides negotiate the SSL version, agree on a cipher suite, authenticate the server and build a secret key to be used for the session.

The client hello contains a list of cipher suites. The server responds with its hello, having selected a cipher suite from that list, and also sends its certificate. The client validates the certificate, then encrypts the symmetric key material with the server's public key. The connection is now secured. The symmetric key exists for a specified time (2 min) and is then re-negotiated.

Server Identifies, Client Validates.

In the case of mutual authentication, your Crypto Profile would contain both a Crypto Identification Credential and a Crypto Validation Credential.

Forward SSL proxy: DataPower acts as the SSL client. Reverse SSL proxy: DataPower acts as the SSL server. Stupid.

An SSL Proxy Profile refers to a Crypto Profile, which in turn refers to the keys/certificates.
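Added example (not DataPower's own API or code) modelling the rules in these notes: which credential each side needs depending on whether DataPower is the SSL server (reverse) or the SSL client (forward) and whether mutual authentication is on, plus the server's pick from the client's cipher list. The class and function names are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class CryptoProfile:
    name: str
    idcred: Optional[str] = None   # Identification Credential: key + cert we present
    valcred: Optional[str] = None  # Validation Credential: CA certs we trust for peers

@dataclass
class SSLProxyProfile:
    name: str
    direction: str                 # "forward": DataPower is the SSL client; "reverse": the SSL server
    crypto_profile: CryptoProfile
    mutual_auth: bool = False      # reverse: clients must present certs; forward: backend demands ours

def check_profile(p: SSLProxyProfile) -> List[str]:
    """Findings for a proxy profile. The server side must always identify itself,
    the client side must always validate the server; the optional side needs its
    extra credential only when mutual authentication is configured."""
    cp, out = p.crypto_profile, []
    if p.direction == "reverse":           # DataPower terminates SSL, so it is the server
        if not cp.idcred:
            out.append(f"{p.name}: reverse proxy needs an idcred (server must present a cert)")
        if p.mutual_auth and not cp.valcred:
            out.append(f"{p.name}: mutual auth needs a valcred to validate client certs")
    elif p.direction == "forward":         # DataPower initiates SSL, so it is the client
        if not cp.valcred:
            out.append(f"{p.name}: forward proxy needs a valcred (client must validate server cert)")
        if p.mutual_auth and not cp.idcred:
            out.append(f"{p.name}: backend requires client auth, so an idcred is needed")
    else:
        out.append(f"{p.name}: unknown direction {p.direction!r}")
    return out

def negotiate_cipher(client_hello: List[str], server_prefs: List[str]) -> Optional[str]:
    """Server picks the first suite in its own preference order that the client offered;
    None means no common suite and the handshake fails."""
    offered = set(client_hello)
    return next((s for s in server_prefs if s in offered), None)

if __name__ == "__main__":
    # Constructed sample: a reverse proxy that demands client certs but has no valcred.
    inbound = SSLProxyProfile("inbound", "reverse",
                              CryptoProfile("srv", idcred="srv-idcred"), mutual_auth=True)
    for f in check_profile(inbound):
        print("finding:", f)
    print("chosen:", negotiate_cipher(
        ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"],
        ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_AES_128_CBC_SHA"]))
```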

Author: dan
