The SSL protocol consists of server authentication and
client authentication, followed by an encrypted conversation; the
authentication and the session parameters are negotiated during the SSL
handshake.
Server authentication
SSL server authentication
allows a client to confirm the identity of a server. SSL-enabled client
software uses standard techniques of public-key cryptography to ensure
that a server's certificate and public ID are valid, and that the certificate
and ID were issued by one of the certificate authorities (CAs) on the
client's list of trusted CAs.
Client authentication
SSL client authentication
allows a server to confirm a client's identity. Using the same techniques
used for server authentication, SSL-enabled server software verifies
that a client's certificate and public ID are valid and that the certificate
and ID were issued by one of the certificate authorities (CAs) on the
server's list of trusted CAs.
Null Encryption
Null encryption allows
authentication to occur during the SSL handshake, but provides no
confidentiality: after the SSL handshake completes, all messages flow
over that socket without being encrypted.
SSL handshake
Both the client, the IMS™ TM resource adapter, and the server, IMS Connect,
store their certificates and private keys in keystores. The SSL session
between the IMS TM resource adapter and IMS Connect is established by following
a handshake sequence between the client and the server. The sequence
varies, depending on whether the server is configured to provide just
a server certificate, or to provide a server certificate and request
a client certificate, and which cipher suites are available for use.
A cipher is an encryption algorithm. The SSL protocol determines how
the client and the server negotiate the cipher suite to be used, authenticate
one another, transmit certificates, establish session keys, and transmit
messages. Some of the algorithms used in cipher suites include:
- DES - Data Encryption Standard
- DSA - Digital Signature Algorithm
- KEA - Key Exchange Algorithm
- MD5 - Message Digest algorithm
- RC2 and RC4 - Rivest encryption ciphers
- RSA - A public key algorithm for both encryption and authentication
- RSA key exchange - A key-exchange for SSL based on the RSA algorithm
- SHA-1 - Secure Hash Algorithm
- SKIPJACK - A classified symmetric-key algorithm implemented in
FORTEZZA-compliant hardware
- Triple-DES - DES applied three times.
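The following is an added example, not code from the IMS TM resource adapter or IMS Connect: a Python model of the handshake sequence described above, showing how the message flow changes when the server requests a client certificate, and how a null-encryption suite completes authentication while leaving application data unencrypted. The cipher-suite table and the handling of a client without a certificate are constructed assumptions for illustration.

```python
from dataclasses import dataclass, field

# Constructed cipher-suite table (hypothetical selection, not IMS Connect's list):
# name -> (key exchange, bulk cipher, MAC). A "NULL" bulk cipher is a null-encryption
# suite: the handshake still authenticates, but application data is sent in clear.
SUITES = {
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA": ("RSA", "3DES", "SHA-1"),
    "SSL_RSA_WITH_RC4_128_MD5": ("RSA", "RC4", "MD5"),
    "SSL_RSA_WITH_DES_CBC_SHA": ("RSA", "DES", "SHA-1"),
    "SSL_RSA_WITH_NULL_SHA": ("RSA", "NULL", "SHA-1"),
}

@dataclass
class Outcome:
    suite: str
    encrypted: bool            # False for a null-encryption suite
    client_authenticated: bool
    messages: list = field(default_factory=list)   # (sender, handshake message, note)

def negotiate(client_suites, server_suites, request_client_cert, client_has_cert=True):
    """Model the handshake; return an Outcome, or None when it cannot complete."""
    # The server takes the first suite in its own order that the client also offered.
    chosen = next((s for s in server_suites if s in client_suites), None)
    if chosen is None:
        return None  # no common cipher suite: handshake fails
    msgs = [("client", "ClientHello", "offers " + ", ".join(client_suites)),
            ("server", "ServerHello", "selects " + chosen),
            ("server", "Certificate", "server certificate from the server keystore")]
    if request_client_cert:
        msgs.append(("server", "CertificateRequest", "names the server's trusted CAs"))
    msgs.append(("server", "ServerHelloDone", ""))
    if request_client_cert:
        if not client_has_cert:
            return None  # assumption: a server that requests a cert the client lacks fails the handshake
        msgs.append(("client", "Certificate", "client certificate from the client keystore"))
    msgs.append(("client", "ClientKeyExchange", "pre-master secret under the server public key"))
    if request_client_cert:
        msgs.append(("client", "CertificateVerify", "signature made with the client private key"))
    for side in ("client", "server"):
        msgs += [(side, "ChangeCipherSpec", ""), (side, "Finished", "MAC over the handshake")]
    bulk = SUITES[chosen][1]
    return Outcome(chosen, bulk != "NULL", request_client_cert, msgs)
```

Running `negotiate` with a server list that prefers `SSL_RSA_WITH_NULL_SHA` yields an outcome with `encrypted == False`, which is the situation the Null Encryption section warns about.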