11: Security Settings
EDS1100/2100 Device Server User Guide
94
SSL Settings
Secure Sockets Layer (SSL) is a protocol for managing the security of data transmission over the
Internet. It provides encryption, authentication, and message integrity services. SSL is widely used
for secure communication to a web server.
Certificate/Private key combinations can be obtained from an external Certificate Authority (CA)
and downloaded into the unit. Self-signed certificates with associated private key can be
generated by the device server itself.
For more information regarding Certificates and how to obtain them, see
.
SSL uses digital certificates for authentication and cryptography against eavesdropping and
tampering. Sometimes only the server is authenticated; sometimes both server and client are
authenticated. The EDS1100/2100 device server can be server and/or client, depending on the
application. Public key encryption systems exchange information and keys and set up the
encrypted tunnel.
Efficient symmetric encryption methods encrypt the data going through the tunnel after it is
established. Hashing provides tamper detection.
Applications that can make use of SSL are Tunneling, Secure Web Server, and WLAN interface.
The EDS1100/2100 unit supports SSLv3 and its successors, TLS1.0 and TLS1.1.
Note:
An incoming SSLv2 connection attempt is answered with an SSLv3 response. If
the initiator also supports SSLv3, SSLv3 handles the rest of the connection.
SSL Cipher Suites
The SSL standard defines only certain combinations of certificate type, key exchange method,
symmetric encryption, and hash method. Such a combination is called a cipher suite. Supported
cipher suites include the following:
Whichever side is acting as server decides which cipher suite to use for a connection. It is usually
the strongest common denominator of the cipher suite lists supported by both sides.
Note:
The SHA2 hash algorithm negotiates with the MD5 or SHA1 ciphers to establish a
successful SSL connection.
Table 11-11 Supported Cipher Suites
Certificate
Key Exchange
Encryption
Hash
RSA
RSA
128 bits AES
SHA1
RSA
RSA
Triple DES
SHA1
RSA
1024 bits RSA
56 bits RC4
MD5
RSA
1024 bits RSA
56 bits RC4
SHA1
RSA
1024 bits RSA
40 bits RC4
MD5