TLS and SSL basics
TLS and SSL are both protocols that provide security to services
accessed over a network (LAN or WAN). TLS is the Internet Engineering
Task Force (IETF) standardized version of SSL, which was originally
implemented in Netscape Navigator.
Note: For brevity, TLS/SSL is referred to as TLS for the remainder of this document.
Most people who
use a web browser, such as Mozilla Firefox, frequently use TLS without
realizing it. When HTTPS is listed on the address bar on a web browser,
it means that TLS is being used for communicating with the web server
that is specified on the address bar. TLS ensures that data that goes
back and forth between the client and server is encrypted when it
travels over the network. TLS can also ensure that the client and the server
are authenticated. Websites such as those hosted by Internet banks and
Internet retail stores deploy TLS to ensure that the credit card numbers
and credentials of their customers are transported securely over the Internet.
This section describes how to create a configuration that provides
secure communication between a HyperSwap server and Copy Services Manager, by using
the same technology that protects your credit card numbers when you interact
with an Internet retailer. The following steps describe a simplified
version of the process:
- The server and client decide to use TLS.
- The client initiates the handshake process by sending a client hello message. The message includes the list of encryption algorithms that are supported by the client.
- The server selects its preferred encryption algorithm from the list that is provided by the client, and sends the client its server certificate along with its choice of encryption algorithm for the session.
- The client verifies the validity of the server certificate by checking the cryptographic signature of the certificate authority (CA). It also checks that the CA that signed the server certificate is in its database of trusted certificate authorities.
- When the certificate is known to be valid, the client proceeds to generate a new encryption key, based on the scheme that is selected by the server. This new key is shared between the server and the client for the encryption of the communication only in this specific session. To securely send this new key to the server, the client encrypts the new key with the public key that is embedded in the server certificate.
- The server receives the new key for the session and decrypts it using its private key.
- The client proceeds to send a message telling the server that it is ready for secured communication and that further messages will be encrypted.
- The server reciprocates.
- The encrypted session begins.
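The following Python script models the simplified handshake listed above as a single runnable flow. It is an added illustration, not code from Copy Services Manager, HyperSwap, or any TLS library. It assumes a toy setting: textbook RSA (no padding) over small Mersenne-prime moduli stands in for the CA signature and for wrapping the session key, the cipher-suite names and CA names are constructed, and a dictionary plays the role of the client's trusted-CA database. The point it adds to the steps is the check at step four: a certificate whose issuer is absent from the trust store is rejected before any key is ever sent to the server.

```python
import hashlib
import hmac
import secrets

# Mersenne primes (2^31-1, 2^61-1, 2^89-1, 2^107-1); textbook RSA over these
# moduli is a teaching aid for the message flow, not usable cryptography.
M31, M61, M89, M107 = (1 << 31) - 1, (1 << 61) - 1, (1 << 89) - 1, (1 << 107) - 1
E = 65537


def rsa_keypair(p, q):
    """Return (public, private) as ((n, e), (n, d)) for two distinct primes."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))


def digest_int(data):
    """128-bit truncated SHA-256 as an integer, below every modulus used here."""
    return int.from_bytes(hashlib.sha256(data).digest()[:16], "big")


def sign(priv, data):
    n, d = priv
    return pow(digest_int(data), d, n)


def verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == digest_int(data)


def issue_certificate(issuer, issuer_priv, subject, subject_pub):
    """A minimal certificate: subject name plus public key, signed by the CA."""
    tbs = f"{subject}|{subject_pub[0]}|{subject_pub[1]}".encode()  # to-be-signed bytes
    return {"subject": subject, "pub": subject_pub, "issuer": issuer,
            "tbs": tbs, "sig": sign(issuer_priv, tbs)}


def finished(key_int, role, transcript):
    """'Finished' message: a MAC over the transcript under the session key."""
    return hmac.new(key_int.to_bytes(16, "big"), role + transcript, "sha256").digest()


# Constructed cipher-suite names, in client and server preference order.
CLIENT_CIPHERS = ["AES256-GCM", "CHACHA20-POLY1305", "AES128-GCM"]
SERVER_PREFERENCE = ["AES128-GCM", "AES256-GCM"]


def handshake(cert, server_priv, trusted_cas):
    """Run the simplified handshake; return the negotiated state or raise."""
    # Client hello: the client offers its supported cipher list.
    client_hello = list(CLIENT_CIPHERS)
    # Server hello: the server picks its preferred suite from that list and
    # sends its certificate alongside the choice.
    chosen = next((c for c in SERVER_PREFERENCE if c in client_hello), None)
    if chosen is None:
        raise ValueError("no cipher suite in common")
    # Client checks the issuer against its trusted-CA database, then the
    # CA's signature over the certificate body.
    ca_pub = trusted_cas.get(cert["issuer"])
    if ca_pub is None:
        raise ValueError(f"issuer {cert['issuer']!r} is not a trusted CA")
    if not verify(ca_pub, cert["tbs"], cert["sig"]):
        raise ValueError("CA signature on the server certificate does not verify")
    # Client generates a fresh session key and wraps it with the public key
    # from the certificate; only the matching private key can unwrap it.
    session_key = secrets.randbits(128)
    n, e = cert["pub"]
    wrapped_key = pow(session_key, e, n)
    n, d = server_priv
    server_key = pow(wrapped_key, d, n)
    # Each side announces readiness with a MAC over the transcript; the peer
    # verifies it with its own copy of the key, so a mismatch is detected.
    transcript = f"{client_hello}|{chosen}|{cert['subject']}".encode()
    client_fin = finished(session_key, b"client", transcript)
    server_fin = finished(server_key, b"server", transcript)
    if not hmac.compare_digest(client_fin, finished(server_key, b"client", transcript)):
        raise ValueError("server could not verify the client finished message")
    if not hmac.compare_digest(server_fin, finished(session_key, b"server", transcript)):
        raise ValueError("client could not verify the server finished message")
    return {"cipher": chosen, "keys_match": session_key == server_key}


def demo():
    """Trusted CA: handshake succeeds. Certificate from an unknown CA: rejected."""
    ca_pub, ca_priv = rsa_keypair(M61, M89)
    server_pub, server_priv = rsa_keypair(M31, M107)
    trusted = {"Example Root CA": ca_pub}  # the client's trust store (constructed)
    good_cert = issue_certificate("Example Root CA", ca_priv, "hyperswap.example", server_pub)
    ok = handshake(good_cert, server_priv, trusted)

    _, rogue_priv = rsa_keypair(M31, M89)  # a CA the client never trusted
    rogue_cert = issue_certificate("Rogue CA", rogue_priv, "hyperswap.example", server_pub)
    try:
        handshake(rogue_cert, server_priv, trusted)
        rejected = False
    except ValueError:
        rejected = True
    return ok, rejected


if __name__ == "__main__":
    print(demo())
```

Running the script prints the negotiated suite for the trusted certificate and confirms that the handshake with the untrusted issuer was refused; the server's preference ("AES128-GCM") wins over the client's first choice, exactly as step three describes.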
Note: Generating certificates by using RACF explains
how to generate the required certificates.