Zilog EZ80F91AZA User Manual Page 57
- Page / 79
- Table of contents
- BOOKMARKS
Rated. / 5. Based on customer reviews
UM020107-1211 SSL Configuration
ZTP Network Security SSL Plug-In
User Manual
51
asymmetric key exchange/agreement algorithm) that the subject of the certificate is in pos-
session of the private key corresponding to the public key in the certificate, then the certif-
icate recipient can be relatively certain that it is communicating with the entity to which
the certificate was issued.
When the SSL client and the server establish a session using Ephemeral Diffie-Hellman
parameters (or temporary RSA keys), these parameters are also digitally signed by the
SSL server. If the client verifies the signature on these parameters, it can be relatively cer-
tain that the parameters were created by the SSL server and not an attacker attempting to
trick the client to use bogus parameters which the attacker can decode.
By default, the ZTP Network Security SSL Plug-In will attempt to verify all digital signa-
tures. However, this verification can require the execution of many public key algorithms
which take considerable CPU bandwidth. At the customer’s discretion, verification of dig-
ital signatures can be disabled. The customer is advised that doing so will lower the over-
all security of the system. However, in applications requiring faster session establishment
times, disabling the verification of digital signatures could be a viable option.
Disabling Signature Verification
Digital signature verification is controlled by the value of the SSL_VerifySignatures
configuration variable located in the
ssl_conf.c configuration file. The default setting
is shown in the following code fragment:
SSL_BOOL SSL_VerifySignatures = TRUE;
Disabling signature verification is useful only for SSL clients. SSL servers in the ZTP Net-
work Security SSL Plug-In will always generate signatures when required, regardless of
the setting of the
SSL_VerifySignatures variable. In addition, because client authenti-
cation is not supported, SSL servers in this implementation will never verify a client signa-
ture.
Limitations
Because the ZTP Network Security SSL Plug-In only supports a limited set of crypto-
graphic operations, it can only verify (and generate) digital signatures that use these sup-
ported algorithms. A digital signature requires the use of a digest algorithm and a public
key signature algorithm. This implementation supports two digest algorithms (MD5 and
SHA1) and two signature algorithms (RSA and DSA). Therefore, the only digital signa-
ture algorithms that can be supported are:
•
MD5 with RSA encryption
•
SHA1 with RSA encryption
•
SHA1 with DSA
Note:
- ZTP Network Security SSL 1
- UM020107-1211 2
- Revision History 3
- Table of Contents 5
- Introduction 7
- Architecture 8
- Handshake Protocol 9
- How to Use SSL 10
- SSL Version 2 12
- UM020107-1211 Introduction 13
- User Manual 13
- HMAC_MD5 and 13
- SSL Handshake Protocols 14
- Security Concepts 15
- Getting Started 19
- Getting Started 21
- → Rebuild All menu option 23
- Send an Encrypted Message 24
- SSL Configuration 25
- ZDS II Project Settings 26
- SSL Initialization 27
- Digest Algorithm Selection 30
- Cipher Algorithm Selection 32
- PKI Algorithm Selection 34
- Cipher Suite Configuration 37
- Cipher Suite Tables 40
- EDH Parameters 43
- Modulus Length 45
- Certificates 46
- Certificate Chains 47
- Generating Certificates 48
- SSL Configuration 52
- Certificate Creation Issues 53
- Certificate Verification 54
- Verifying All Certificates 56
- Signature Verification 56
- Limitations 57
- Session Cache 58
- Session Cache Operation 59
- Diagnostic Messages 59
- How to Use the HTTPS Server 60
- Figure 7. Security Alert 62
- Creating SSL Applications 63
- Client Applications 66
- SSL Version 2 Cipher Suites 69
- SSL Version 3 Cipher Suites 70
- TLS Version 1 Cipher Suites 71
- AES Extensions 73
- UM020107-1211 74
- Private Cipher Suites 75
- Customer Support 79
Related products and manuals for Sensors Zilog EZ80F91AZA
Sensors Zilog Z8F0130 User Manual
(214 pages)
(214 pages)
Sensors Zilog EZ80F916 User Manual
(0 pages)
(0 pages)
Sensors Zilog EZ80F916 User Manual
(0 pages)
(0 pages)
Sensors Zilog EZ80190 User Manual
(10 pages)
(10 pages)
Sensors Zilog EZ80F91AZA User Manual
(34 pages)
(34 pages)
Sensors Zilog EZ80190 User Manual
(87 pages)
(87 pages)
Sensors Zilog EZ80F91 User Manual
(78 pages)
(78 pages)
Sensors Zilog Z02215 User Manual
(2 pages)
(2 pages)
Sensors Zilog eZ80F92 User Manual
(87 pages)
(87 pages)
Sensors Zilog EZ80L92 User Manual
(86 pages)
(86 pages)
Sensors Zilog Z16C30 User Manual
(208 pages)
(208 pages)
Sensors Zilog Z16C35 User Manual
(322 pages)
(322 pages)
Sensors Zilog Z80380 User Manual
(268 pages)
(268 pages)
Sensors Zilog Z80380 User Manual
(116 pages)
(116 pages)
Sensors Zilog Z80195 User Manual
(47 pages)
(47 pages)
Sensors Zilog Z80180 User Manual
(326 pages)
(326 pages)
Sensors Zilog Z86193 User Manual
(260 pages)
(260 pages)
Sensors Zilog Z86C36 User Manual
(64 pages)
(64 pages)
Sensors Zilog Z86E07 User Manual
(43 pages)
(43 pages)
Sensors Zilog Z08470 User Manual
(326 pages)
(326 pages)
© 2020, manymanuals.com. All rights reserved. | 1.167 s |
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comments to this Manuals