Zilog EZ80F91AZA User Manual Page 56
- Page / 79
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
UM020107-1211 SSL Configuration
ZTP Network Security SSL Plug-In
User Manual
50
The SSL protocol layer internally sets the SSL_X509_TRUSTED flag on all certificates that
it implicitly trusts, or on those certificates for which the
VerifyCertificate callback
function returns
SSL_SUCCESS.
The ZTP Network Security SSL Plug-In does not check if the certificate has been revoked. No
attempt is made to contact certificate issuers and obtain a list of certificates that have been revoked.
If this functionality is required, it must be implemented within the
VerifyCertificate
callback
function.
Verifying All Certificates
In some instances, it is useful to examine all certificates – even those that the SSL layer
implicitly trusts (i.e., the
SSL_X509_TRUSTED flag is set), especially if the application
must perform additional integrity checks on the certificate beyond the basic verification
performed in the SSL library. For example, the application can obtain the issuer’s certifi-
cate revocation list (CRL) to determine if an otherwise-valid certificate should be rejected.
To force the
VerifyCertificate callback to be called for all certificates processed by
the SSL handshake protocols, set the value of the
SSL_PresentAllCertificates con-
figuration variable to TRUE. This variable is located in the
ssl_conf.c configuration
file. Its default definition is shown in the following code fragment:
SSL_BOOL SSL_PresentAllCertificates = FALSE;
Signature Verification
A digital signature provides a mechanism that allows an entity to verify that another entity
was the originator of a specific piece of digital information. This verification establishes
the authenticity of the information. To generate a signature, the information is typically
hashed into a fixed-sized quantity using a digest algorithm, and then subjected to a public
key operation using the signatory’s private key.
Any other entity possessing the signatory’s public key can then perform the complemen-
tary public key operation using the signatory’s public key and compare the recovered
digest to a locally-generated digest of the same piece of information. If these digests are
identical, the information is deemed authentic; i.e., the signatory’s private key has not
been compromised. If the key remains secure, then by the nature of the asymmetric public
key algorithm, it is extremely unlikely that an attacker could forge the signature on an
altered block of information.
All X.509 certificates used by SSL must be signed by an issuer. By verifying the signature
on a certificate, the recipient can be relatively certain that the certificate is accurate and
identical to the information that the issuer originally signed. If it can be proven (via an
Note:
- ZTP Network Security SSL 1
- UM020107-1211 2
- Revision History 3
- Table of Contents 5
- Introduction 7
- Architecture 8
- Handshake Protocol 9
- How to Use SSL 10
- SSL Version 2 12
- UM020107-1211 Introduction 13
- User Manual 13
- HMAC_MD5 and 13
- SSL Handshake Protocols 14
- Security Concepts 15
- Getting Started 19
- Getting Started 21
- → Rebuild All menu option 23
- Send an Encrypted Message 24
- SSL Configuration 25
- ZDS II Project Settings 26
- SSL Initialization 27
- Digest Algorithm Selection 30
- Cipher Algorithm Selection 32
- PKI Algorithm Selection 34
- Cipher Suite Configuration 37
- Cipher Suite Tables 40
- EDH Parameters 43
- Modulus Length 45
- Certificates 46
- Certificate Chains 47
- Generating Certificates 48
- SSL Configuration 52
- Certificate Creation Issues 53
- Certificate Verification 54
- Verifying All Certificates 56
- Signature Verification 56
- Limitations 57
- Session Cache 58
- Session Cache Operation 59
- Diagnostic Messages 59
- How to Use the HTTPS Server 60
- Figure 7. Security Alert 62
- Creating SSL Applications 63
- Client Applications 66
- SSL Version 2 Cipher Suites 69
- SSL Version 3 Cipher Suites 70
- TLS Version 1 Cipher Suites 71
- AES Extensions 73
- UM020107-1211 74
- Private Cipher Suites 75
- Customer Support 79
Related products and manuals for Sensors Zilog EZ80F91AZA
Sensors Zilog Z8F0130 User Manual
(214 pages)
(214 pages)
Sensors Zilog EZ80F916 User Manual
(0 pages)
(0 pages)
Sensors Zilog EZ80F916 User Manual
(0 pages)
(0 pages)
Sensors Zilog EZ80190 User Manual
(10 pages)
(10 pages)
Sensors Zilog EZ80F91AZA User Manual
(34 pages)
(34 pages)
Sensors Zilog EZ80190 User Manual
(87 pages)
(87 pages)
Sensors Zilog EZ80F91 User Manual
(78 pages)
(78 pages)
Sensors Zilog Z02215 User Manual
(2 pages)
(2 pages)
Sensors Zilog eZ80F92 User Manual
(87 pages)
(87 pages)
Sensors Zilog EZ80L92 User Manual
(86 pages)
(86 pages)
Sensors Zilog Z16C30 User Manual
(208 pages)
(208 pages)
Sensors Zilog Z16C35 User Manual
(322 pages)
(322 pages)
Sensors Zilog Z80380 User Manual
(268 pages)
(268 pages)
Sensors Zilog Z80380 User Manual
(116 pages)
(116 pages)
Sensors Zilog Z80195 User Manual
(47 pages)
(47 pages)
Sensors Zilog Z80180 User Manual
(326 pages)
(326 pages)
Sensors Zilog Z86193 User Manual
(260 pages)
(260 pages)
Sensors Zilog Z86C36 User Manual
(64 pages)
(64 pages)
Sensors Zilog Z86E07 User Manual
(43 pages)
(43 pages)
Sensors Zilog Z08470 User Manual
(326 pages)
(326 pages)
© 2020, manymanuals.com. All rights reserved. | 3.085 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals