correctly. One of the purposes of this whitepaper is to show administrators how to properly deploy SSL/TLS so that it can be used securely.
SSL/TLS is also used in other applications, such as LDAPS and 802.1X. This whitepaper will discuss how SSL/TLS works when Jetdirect is operating as a client (e.g., LDAPS, IPPS). 802.1X is covered extensively in a separate whitepaper. See http://www.hp.com/go/secureprinting for the latest information regarding HP’s printing and imaging products.
What is SSL/TLS?
SSL/TLS is a security protocol. It has a purpose: To provide authentication, integrity, and confidentiality to the data it encapsulates. While SSL/TLS is commonly associated with the TCP/IP protocol suite, it can be used within other frameworks as well. The most common protocol that uses SSL/TLS functionality is HTTPS. In this section, for the sake of familiarity and clarity, we’ll discuss SSL/TLS within the context of TCP/IP, primarily with HTTP and HTTPS.
Refer to Figure 1: HTTP Application. Here is the normal view of an HTTP session from a web browser to a Jetdirect device.
Figure 1 - HTTP Application
In Figure 2 – HTTPS Application, we can see how SSL/TLS is deployed. This would be done by using “HTTPS” in the URL of the browser.
Figure 2 - HTTPS Application
We can see that HTTPS is really just running HTTP over SSL/TLS which runs over TCP. How does the browser know when to use SSL/TLS? Well, the URL of “https://” indicates to the browser that it needs to change its behavior and invoke SSL/TLS. Refer to Figure 3 – Application Changes. We can
2