SSL protocol
The SSL protocol consists of server authentication and client authentication, followed by an encrypted conversation (SSL handshake).
Server authentication
SSL server authentication allows a client to confirm the identity of a server. SSL-enabled client software uses standard techniques of public-key cryptography to ensure that a server's certificate and public ID are valid, and that the certificate and ID were issued by one of the certificate authorities (CAs) in the client's list of trusted CAs.
Client authentication
SSL client authentication allows a server to confirm a client's identity. Using the same techniques used for server authentication, SSL-enabled server software verifies that a client's certificate and public ID are valid and that the certificate and ID were issued by one of the certificate authorities (CAs) in the server's list of trusted CAs.
Null encryption
Null encryption allows for authentication to occur during the SSL handshake. After the SSL handshake completes, all messages flow over that socket without being encrypted.
SSL handshake
Both the client, the IMS TM resource adapter, and the server, IMS Connect, store their certificates and private keys in keystores. The SSL session between the IMS TM resource adapter and IMS Connect is established by following a handshake sequence between the client and the server. The sequence varies, depending on whether the server is configured to provide just a server certificate, or to provide a server certificate and request a client certificate, and which cipher suites are available for use. A cipher is an encryption algorithm. The SSL protocol determines how the client and the server negotiate the cipher suite to be used, authenticate one another, transmit certificates, establish session keys, and transmit messages. Some of the algorithms used in cipher suites include:
- DES - Data Encryption Standard
- DSA - Digital Signature Algorithm
- KEA - Key Exchange Algorithm
- MD5 - Message Digest algorithm
- RC2 and RC4 - Rivest encryption ciphers
- RSA - A public key algorithm for both encryption and authentication
- RSA key exchange - A key-exchange for SSL based on the RSA algorithm
- SHA-1 - Secure Hash Algorithm
- SKIPJACK - A classified symmetric-key algorithm implemented in FORTEZZA-compliant hardware
- Triple-DES - DES applied three times.
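
A check that a client can run on the negotiated cipher suite so that a null-encryption session, as described under Null encryption, is detected before application data is sent. This is an added example, not code from the original page or from IMS; the class name, method names and sample suite names are assumptions, and in a live client the argument would come from SSLSocket.getSession().getCipherSuite().

```java
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;

public class NullCipherCheck {

    // Bulk cipher of a classic <SSL|TLS>_<keyexchange>_WITH_<cipher>_<mac> name,
    // or null when the name has another shape (for example TLS 1.3 names).
    static String bulkCipher(String suite) {
        int prefix = suite.indexOf('_');
        int with = suite.indexOf("_WITH_");
        int macSep = suite.lastIndexOf('_');
        if (prefix < 0 || with <= prefix || macSep <= with + 5) {
            return null;
        }
        return suite.substring(with + 6, macSep);
    }

    // True when the suite authenticates the peers but leaves records in clear text.
    static boolean isNullEncryption(String suite) {
        return "NULL".equals(bulkCipher(suite));
    }

    // Call after the handshake with socket.getSession().getCipherSuite().
    static void requireEncrypted(String negotiatedSuite) throws SSLException {
        if (isNullEncryption(negotiatedSuite)) {
            throw new SSLException("Null encryption negotiated: " + negotiatedSuite);
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: standard JSSE suite names, not taken from the page.
        String[] samples = {
            "SSL_RSA_WITH_NULL_MD5", "SSL_RSA_WITH_RC4_128_MD5",
            "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "TLS_AES_128_GCM_SHA256"
        };
        for (String s : samples) {
            System.out.printf("%-32s cipher=%-12s nullEncryption=%b%n",
                    s, bulkCipher(s), isNullEncryption(s));
        }
        // Null-encryption suites the local JSSE provider is able to offer.
        for (String s : SSLContext.getDefault().getSupportedSSLParameters().getCipherSuites()) {
            if (isNullEncryption(s)) {
                System.out.println("supported by this JVM: " + s);
            }
        }
        try {
            requireEncrypted(samples[0]);
        } catch (SSLException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```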