Configuring Secure Socket Layer (SSL)

Terminology

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

HP

 

 

 

 

 

1. Switch-to-Client SSL Cert.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Switch

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

2.

User-to-Switch (login password and

(SSL

 

 

 

 

 

 

enable password authentication)

 

 

 

 

 

 

 

 

 

 

 

 

options:

 

 

 

 

 

 

Server)

 

 

 

 

 

 

Local

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

TACACS+

 

 

 

 

 

 

 

 

 

 

 

 

 

 

RADIUS

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

SSL Client Browser

Figure 5-1. Switch/User Authentication

 

SSL on the Series 4100GL switches supports these data encryption methods:

 

3DES (168-bit, 112 Effective)

 

DES (56-bit)

 

RC4 (40-bit, 128-bit)

 

 

N o t e :

ProCurve Switches use RSA public key algorithms and Diffie-Hellman, and all

references to a key mean keys generated using these algorithms unless otherwise noted

Terminology

SSL Server: An HP switch with SSL enabled.

Key Pair: Public/private pair of RSA keys generated by switch, of which public portion makes up part of server host certificate and private portion is stored in switch flash (not user accessible).

Digital Certificate: A certificate is an electronic "passport" that is used to establish the credentials of the subject to which the certificate was issued. Information contained within the certificate includes: name of the subject, serial number, date of validity, subject's public key, and the digital signature of the authority who issued the certifi- cate. Certificates on Procurve switches conform to the X.509v3 standard, which defines the format of the certificate.

Self-Signed Certificate: A certificate not verified by a third-party certificate authority (CA). Self-signed certificates provide a reduced level of security compared to a CA-signed certificate.

5-3

Page 115
Image 115
HP 4100gl manual 3DES 168-bit, 112 Effective, RC4 40-bit, 128-bit