User guide

How an SSL connection between a Wi-Fi enabled BlackBerry device and the BlackBerry Infrastructure protects data
An SSL connection between a Wi-Fi® enabled BlackBerry® device and the BlackBerry® Infrastructure is designed to provide the
same protection that an SRP connection between the BlackBerry® Enterprise Server and BlackBerry Infrastructure provides. It
is designed so that a potentially malicious user cannot use the SSL connection to send data to or receive data from the BlackBerry
device.
If a potentially malicious user tries to impersonate the BlackBerry Infrastructure, the BlackBerry device is designed to prevent
the connection. The BlackBerry device verifies whether the public key of the SSL certificate of the BlackBerry Infrastructure
matches the private key of the root certificate that is preloaded on the BlackBerry device during the manufacturing process. If a
user accepts a certificate that is not valid, the connection cannot open unless the BlackBerry device can also authenticate with
a valid BlackBerry Enterprise Server or valid BlackBerry® Internet Service.

Process flow: Opening an SSL connection between the BlackBerry Infrastructure and a Wi-Fi enabled BlackBerry device
1. A Wi-Fi® enabled BlackBerry® device sends a request to the BlackBerry® Infrastructure to open an SSL connection.
2. The BlackBerry Infrastructure sends its SSL certificate to the BlackBerry device.
3. The BlackBerry device uses a root certificate that is preloaded on the BlackBerry device to verify the SSL certificate. If the
user deleted the root certificate, the BlackBerry device prompts the user to trust the SSL certificate.
4. The BlackBerry device opens the SSL connection.

Cipher suites that a Wi-Fi enabled BlackBerry device supports for opening SSL connections and TLS connections
A Wi-Fi® enabled BlackBerry® device supports various cipher suites for direct mode SSL/TLS when the BlackBerry device opens
SSL connections or TLS connections to the BlackBerry® Infrastructure or to web servers that are external to your organization.
The BlackBerry device supports the following cipher suites, in order, when it opens SSL connections:
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_RSA_WITH_DES_CBC_SHA
SSL_DH_anon_WITH_RC4_128_MD5
SSL_DHE_DSS_WITH_DES_CBC_SHA
SSL_RSA_WITH_DES_CBC_SHA
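
An added example, not part of the BlackBerry documentation: Python code that parses the suite names listed above and reports the properties a reviewer would check in each one. The function names and finding labels are this example's own; the DH_anon suite involves no server certificate, so the verification in step 3 of the process flow does not apply to it.

```python
import re

# Cipher suites copied from the list above, in the order the page gives them.
PAGE_SUITES = [
    "SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_DHE_RSA_WITH_DES_CBC_SHA",
    "SSL_DH_anon_WITH_RC4_128_MD5", "SSL_DHE_DSS_WITH_DES_CBC_SHA",
    "SSL_RSA_WITH_DES_CBC_SHA",
]

# Name layout: SSL_<key exchange>[_<authentication>]_WITH_<cipher>_<MAC>
SUITE_RE = re.compile(
    r"^(?:SSL|TLS)_(?P<kx>[A-Za-z]+)(?:_(?P<auth>[A-Za-z]+))?"
    r"_WITH_(?P<cipher>.+)_(?P<mac>SHA|MD5)$"
)

def parse_suite(name):
    """Split a suite name into key exchange, authentication, cipher and MAC."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    kx = m.group("kx")
    # A name such as SSL_RSA_WITH_... uses RSA for key exchange and authentication.
    return {"kx": kx, "auth": m.group("auth") or kx,
            "cipher": m.group("cipher"), "mac": m.group("mac")}

def audit_suite(name):
    """Return this example's finding labels for one suite, in a fixed order."""
    s = parse_suite(name)
    findings = []
    if s["auth"] == "anon":
        findings.append("no-server-authentication")  # no certificate is sent
    if s["kx"] == "RSA":
        findings.append("no-forward-secrecy")        # RSA key transport
    if s["cipher"].startswith("RC4"):
        findings.append("rc4-stream-cipher")         # prohibited by RFC 7465
    elif s["cipher"].startswith("3DES"):
        findings.append("64-bit-block-cipher")
    elif s["cipher"].startswith("DES"):
        findings.append("56-bit-key")                # single DES
    if s["mac"] == "MD5":
        findings.append("md5-mac")
    return findings

def audit_report(suites=PAGE_SUITES):
    """Map each suite name to its findings, preserving preference order."""
    return {name: audit_suite(name) for name in suites}

if __name__ == "__main__":
    for suite, found in audit_report().items():
        print(f"{suite}: {', '.join(found)}")
```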
Security Technical Overview
How a Wi-Fi enabled BlackBerry device can connect to the BlackBerry Infrastructure