16 Security in Detail
Secure Sockets Layer (SSL)
SSL uses digital certificates for authentication and cryptography against eavesdropping and tampering. Sometimes only the server is authenticated, sometimes both server and client. The XPort Pro can be server and/or client, depending on the application. Public key encryption systems exchange information and keys and set up the encrypted tunnel.
Efficient symmetric encryption methods encrypt the data going through the tunnel after it is established. Hashing provides tamper detection.
Applications that can make use of SSL are Tunneling, Secure Web Server, and WLAN interface.
The XPort Pro supports SSlv3 and its successors, TLS1.0 and TLS1.1.
Note: An incoming SSlv2 connection attempt is answered with an SSlv3 response. If the initiator also supports SSLv3, SSLv3 handles the rest of the connection.
CipherSuites
The SSL standard defines only certain combinations of certificate type, key exchange method, symmetric encryption, and hash method. Such a combination is called a cipher suite.
XPort Pro currently supports the following list of cipher suites:
Certificate | Key exchange | Encryption | Hash |
DSA | DHE | 3DES | SHA1 |
RSA | RSA | 128 bits AES | SHA1 |
RSA | RSA | Triple DES | SHA1 |
RSA | RSA | 128 bits RC4 | MD5 |
RSA | RSA | 128 bits RC4 | SHA1 |
RSA | 1024 bits RSA | 56 bits RC4 | MD5 |
RSA | 1024 bits RSA | 56 bits RC4 | SHA1 |
RSA | 1024 bits RSA | 40 bits RC4 | MD5 |
Whichever side is acting as server decides which cipher suite to use for a connection. It is usually the strongest common denominator of the cipher suite lists supported by both sides.
Certificates
The goal of a certificate is to authenticate its sender. It is analogous to a paper document that contains personal identification information and is signed by an authority, for example a notary or government agency.
XPort Pro™ User Guide | 137 |
