Zilog EZ80F91AZA User Manual Page 47
- Page / 79
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
UM020107-1211 SSL Configuration
ZTP Network Security SSL Plug-In
User Manual
41
process continues until the client obtains a certificate from a trusted issuer, or until a certif-
icate is presented that was signed by the same entity presenting the certificate (called a
self-signed certificate). In this circumstance, the subject of the certificate is vouching for
itself.
When a self-signed certificate is presented to a client, it must determine whether to accept
the certificate or not, and whether or not to allow the SSL session to be established. Many
computer programs executing with user interfaces will typically force the human user to
make the decision. The ZTP Network Security SSL Plug-In uses a callback routine to
make this decision (see the Certificate Verification
section on page 48).
After the client is satisfied with the server’s identity, it uses the public key in the certificate
to arrive at a shared secret between the client and the server, which in turn is used to
encrypt all data transferred between them. This encryption occurs via the execution of a
public key algorithm. If the server actually possesses the private key that corresponds to
the public key in the certificate, then both the client and the server will arrive at the same
secret. Otherwise, the secrets will not match, and data encrypted by one party will not be
understood by the other party. The SSL handshake protocols are able to detect this condi-
tion and will immediately sever the SSL connection.
Certificate Chains
The previous section explained basic certificate concepts and indicated that certificate
trust relationships are hierarchical in nature. Consequently, TLSv3 and SSLv1 servers are
able to present the client with a list of certificates called a certificate chain. The first chain
in the certificate belongs to the server presenting the list. The next certificate in the chain
belongs to the issuer that signed the server’s certificate. The next certificate belongs to the
issuer that signed the issuer of the subject’s certificate, etc.
SSL certificate chains can (but are not required to) end with a self-signed certificate (i.e.,
the one in which the certificate is issued to and issued by the same entity).
SSLv2 servers are only permitted to supply the client with a single certificate, often a self-
signed certificate. For the client to accept the server’s certificate, it must trust one of the
certificates in the server’s chain. This trust can be developed as the result of having the pre-
viously stored issuer’s certificate or simply prompting the user to accept the certificate.
When one of the SSL server handshake protocols in the ZTP Network Security SSL Plug-
In is initialized (see the SSL Handshake Protocol Initialization
section on page 22), the
first parameter must be a pointer to the
CERT_CHAIN data structure. This data structure
accommodates a maximum of four X.509 certificates. The following code fragment shows
an initialized variable of type
CERT_CHAIN that contains a chain of two certificates:
CERT_CHAIN CertChain =
Note:
- ZTP Network Security SSL 1
- UM020107-1211 2
- Revision History 3
- Table of Contents 5
- Introduction 7
- Architecture 8
- Handshake Protocol 9
- How to Use SSL 10
- SSL Version 2 12
- UM020107-1211 Introduction 13
- User Manual 13
- HMAC_MD5 and 13
- SSL Handshake Protocols 14
- Security Concepts 15
- Getting Started 19
- Getting Started 21
- → Rebuild All menu option 23
- Send an Encrypted Message 24
- SSL Configuration 25
- ZDS II Project Settings 26
- SSL Initialization 27
- Digest Algorithm Selection 30
- Cipher Algorithm Selection 32
- PKI Algorithm Selection 34
- Cipher Suite Configuration 37
- Cipher Suite Tables 40
- EDH Parameters 43
- Modulus Length 45
- Certificates 46
- Certificate Chains 47
- Generating Certificates 48
- SSL Configuration 52
- Certificate Creation Issues 53
- Certificate Verification 54
- Verifying All Certificates 56
- Signature Verification 56
- Limitations 57
- Session Cache 58
- Session Cache Operation 59
- Diagnostic Messages 59
- How to Use the HTTPS Server 60
- Figure 7. Security Alert 62
- Creating SSL Applications 63
- Client Applications 66
- SSL Version 2 Cipher Suites 69
- SSL Version 3 Cipher Suites 70
- TLS Version 1 Cipher Suites 71
- AES Extensions 73
- UM020107-1211 74
- Private Cipher Suites 75
- Customer Support 79
Related products and manuals for Sensors Zilog EZ80F91AZA
Sensors Zilog Z8F0130 User Manual
(214 pages)
(214 pages)
Sensors Zilog EZ80F916 User Manual
(0 pages)
(0 pages)
Sensors Zilog EZ80F916 User Manual
(0 pages)
(0 pages)
Sensors Zilog EZ80190 User Manual
(10 pages)
(10 pages)
Sensors Zilog EZ80F91AZA User Manual
(34 pages)
(34 pages)
Sensors Zilog EZ80190 User Manual
(87 pages)
(87 pages)
Sensors Zilog EZ80F91 User Manual
(78 pages)
(78 pages)
Sensors Zilog Z02215 User Manual
(2 pages)
(2 pages)
Sensors Zilog eZ80F92 User Manual
(87 pages)
(87 pages)
Sensors Zilog EZ80L92 User Manual
(86 pages)
(86 pages)
Sensors Zilog Z16C30 User Manual
(208 pages)
(208 pages)
Sensors Zilog Z16C35 User Manual
(322 pages)
(322 pages)
Sensors Zilog Z80380 User Manual
(268 pages)
(268 pages)
Sensors Zilog Z80380 User Manual
(116 pages)
(116 pages)
Sensors Zilog Z80195 User Manual
(47 pages)
(47 pages)
Sensors Zilog Z80180 User Manual
(326 pages)
(326 pages)
Sensors Zilog Z86193 User Manual
(260 pages)
(260 pages)
Sensors Zilog Z86C36 User Manual
(64 pages)
(64 pages)
Sensors Zilog Z86E07 User Manual
(43 pages)
(43 pages)
Sensors Zilog Z08470 User Manual
(326 pages)
(326 pages)
© 2020, manymanuals.com. All rights reserved. | 1.583 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals