User guide

How an SSL connection between a Wi-Fi enabled device and the BlackBerry Infrastructure protects data
An SSL connection between a Wi-Fi enabled BlackBerry device and the BlackBerry Infrastructure is designed to provide
the same protection that an SRP connection between the BlackBerry Enterprise Server and BlackBerry Infrastructure
provides. It is designed so that a potentially malicious user cannot use the SSL connection to send data to or receive data
from the device.
If a potentially malicious user tries to impersonate the BlackBerry Infrastructure, the device is designed to prevent the
connection. The device verifies whether the public key of the SSL certificate of the BlackBerry Infrastructure matches the
private key of the root certificate that is preloaded on the device during the manufacturing process. If a user accepts a
certificate that is not valid, the connection cannot open unless the device can also authenticate with a valid
BlackBerry Enterprise Server or valid BlackBerry Internet Service.
Data flow: Opening an SSL connection between the BlackBerry Infrastructure and a Wi-Fi enabled device
1. A Wi-Fi enabled BlackBerry device sends a request to the BlackBerry Infrastructure to open an SSL connection.
2. The BlackBerry Infrastructure sends its SSL certificate to the device.
3. The device uses a root certificate that is preloaded on the device to verify the SSL certificate. If the user deleted the root
certificate, the device prompts the user to trust the SSL certificate.
4. The device opens the SSL connection.
Cipher suites that a Wi-Fi enabled device supports for opening SSL connections and TLS connections
A Wi-Fi enabled BlackBerry device supports various cipher suites for direct mode SSL/TLS when the device opens SSL
connections or TLS connections to the BlackBerry Infrastructure or to web servers that are external to your organization.
The device supports the following cipher suites, in order, when it opens SSL connections:
SSL_RSA_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA
SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA
SSL_RSA_WITH_3DES_EDE_CBC_SHA
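As an added illustration (not part of the BlackBerry documentation), the Python sketch below splits the SSL suite names listed above into their components, flags the properties of each that are considered weak today, and models what the list order means when a suite is selected. The server-side suite lists used with it and the honor_client_order switch are assumptions made for the example.

```python
# Added example: parse the page's SSL suite names and model suite selection.
# DEVICE_SSL_SUITES is copied from the page, in the page's order.
DEVICE_SSL_SUITES = [
    "SSL_RSA_WITH_RC4_128_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
]

def parse_suite(name):
    """Split PROTO_KX[_AUTH]_WITH_CIPHER_MAC into its components."""
    left, sep, right = name.partition("_WITH_")
    proto, *kx_parts = left.split("_")
    cipher, _, mac = right.rpartition("_")
    if not sep or not kx_parts or not cipher:
        raise ValueError(f"not a cipher suite name: {name!r}")
    # RSA key transport has a single token: it is also the authentication method.
    return {"name": name, "protocol": proto, "key_exchange": kx_parts[0],
            "auth": kx_parts[-1], "cipher": cipher, "mac": mac}

def findings(suite):
    """List the properties of a parsed suite that are considered weak today."""
    notes = []
    if suite["cipher"].startswith("RC4"):
        notes.append("RC4 stream cipher (prohibited in TLS by RFC 7465)")
    if suite["cipher"].startswith("3DES"):
        notes.append("3DES uses a 64-bit block")
    if suite["mac"] == "MD5":
        notes.append("MD5-based MAC")
    if suite["key_exchange"] not in ("DHE", "ECDHE"):
        notes.append("no forward secrecy")
    return notes

def negotiate(client_order, server_order, honor_client_order=True):
    """Return the first mutually supported suite, or None.

    honor_client_order is an assumed switch: a server may follow the client's
    preference order or impose its own.
    """
    first, second = client_order, server_order
    if not honor_client_order:
        first, second = server_order, client_order
    return next((s for s in first if s in second), None)

if __name__ == "__main__":
    for n in DEVICE_SSL_SUITES:
        print(n, "->", "; ".join(findings(parse_suite(n))))
```

Because the two RC4 suites lead the list, a server that follows the client's order selects RC4 whenever it supports it; a server that imposes its own order can steer the same device to a DHE suite.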
Security Technical Overview Wi-Fi enabled devices