User's Manual

Configuration Guide of XGS-5240-Series
TCP. If the data-forwarding mechanism in the lower layer is reliable, the data read in from the network is forwarded to the peer program in sequence, and neither packet loss nor retransmission occurs. In theory many transport protocols can provide this kind of service, but in practice SSL almost always runs over TCP and does not run directly over UDP or IP.
When the web function is running on the switch and a client accesses the switch's web interface through an Internet browser, the SSL function can be used. Communicating between the client and the switch over an SSL connection improves security.
First, SSL must be enabled on the switch. When the client accesses the switch using HTTPS, an SSL session is set up between the switch and the client. Once the SSL session has been set up, all data transmitted in the application layer is encrypted.
The SSL handshake takes place while the SSL session is being set up. The switch must be able to provide a certificate and key. Currently the certificate provided by the switch is not a formal certificate issued by an official certificate authority, but a private (self-signed) certificate generated with SSL software under Linux, which may not be recognized by the web browser. For the switch application it is not necessary to apply for a formal SSL certificate; a private certificate is enough to secure the communication between the users and the switch. Currently the client is not required to check the validity of the certificate. The encryption key and the encryption method are negotiated during the handshake phase of the session and are then used for data encryption.
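The following is an added example, not code from the switch manual or from the vendor: it reproduces the situation just described on a local machine. A small TLS server presents a self-signed certificate generated with OpenSSL under Linux (the same kind of private certificate the switch uses), and a client connects under four trust policies: skipping validation entirely (what a browser does after the user clicks through the warning), using the system CA store (the handshake is refused, since no authority signed the certificate), pinning the switch's own certificate as the trusted CA, and checking a SHA-256 fingerprint recorded out of band. The host name, port selection, and request text are assumptions of the example; the `openssl` command-line tool must be installed, everything else is the Python standard library.

```python
"""Added example (not from the XGS-5240 manual): local TLS server with a
self-signed certificate plus four client trust policies.  Requires the
`openssl` CLI (1.1.1 or newer) to generate the key pair."""
import hashlib, os, socket, ssl, subprocess, tempfile, threading

HOST = "127.0.0.1"
NAME = "localhost"          # hostname written into the certificate (assumed)


def make_selfsigned(workdir):
    """Generate a private key and self-signed certificate with OpenSSL,
    the same kind of 'private certification key' the manual describes."""
    key, cert = os.path.join(workdir, "key.pem"), os.path.join(workdir, "cert.pem")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes",
                    "-sha256", "-days", "1", "-subj", f"/CN={NAME}",
                    "-addext", f"subjectAltName=DNS:{NAME}",
                    "-keyout", key, "-out", cert],
                   check=True, capture_output=True)
    return cert, key


def cert_fingerprint(cert_path):
    """SHA-256 of the DER certificate: the value an admin records out of band."""
    with open(cert_path) as f:
        der = ssl.PEM_cert_to_DER_cert(f.read())
    return hashlib.sha256(der).hexdigest()


def start_server(cert, key, n_conns):
    """Serve n_conns TLS connections on an ephemeral port, then stop."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(certfile=cert, keyfile=key)
    lsock = socket.socket()
    lsock.bind((HOST, 0))
    lsock.listen(5)

    def serve():
        for _ in range(n_conns):
            conn, _ = lsock.accept()
            try:
                with ctx.wrap_socket(conn, server_side=True) as tls:
                    tls.sendall(b"switch-web: " + tls.recv(1024))
            except (ssl.SSLError, OSError):
                pass   # client aborted the handshake (e.g. untrusted cert)
        lsock.close()

    threading.Thread(target=serve, daemon=True).start()
    return lsock.getsockname()[1]


def connect(port, policy, cafile=None, expected_fp=None):
    """Open one TLS session under a client trust policy and report the
    negotiated protocol and cipher, or why the handshake was refused."""
    if policy in ("no_verify", "fingerprint"):
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # no CA check at all
        ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    else:
        ctx = ssl.create_default_context()              # system CA store
        if policy == "pinned":
            ctx.load_verify_locations(cafile=cafile)    # trust this one cert
    try:
        with socket.create_connection((HOST, port), timeout=5) as raw, \
             ctx.wrap_socket(raw, server_hostname=NAME) as tls:
            if policy == "fingerprint":
                seen = hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
                if seen != expected_fp:
                    return {"ok": False, "error": "fingerprint mismatch"}
            tls.sendall(b"GET / HTTP/1.0\r\n\r\n")      # assumed request text
            reply = tls.recv(1024)
            cipher, _, bits = tls.cipher()              # negotiated during handshake
            return {"ok": True, "version": tls.version(), "cipher": cipher,
                    "bits": bits, "reply": reply}
    except ssl.SSLError as e:
        return {"ok": False, "error": e.reason or str(e)}


def demo():
    """Run all four policies against one self-signed server."""
    with tempfile.TemporaryDirectory() as d:
        cert, key = make_selfsigned(d)
        port = start_server(cert, key, n_conns=4)
        fp = cert_fingerprint(cert)
        return {
            "no_verify":   connect(port, "no_verify"),
            "default":     connect(port, "default"),
            "pinned":      connect(port, "pinned", cafile=cert),
            "fingerprint": connect(port, "fingerprint", expected_fp=fp),
        }


if __name__ == "__main__":
    for policy, result in demo().items():
        print(f"{policy:12s} {result}")
```

The "no_verify" result shows that the session is encrypted with the negotiated cipher even though nothing about the peer was checked; since the switch's certificate is self-signed, such a client cannot tell the switch apart from any other endpoint presenting a self-signed certificate. Recording the certificate fingerprint once over a trusted path (console or a first connection on an isolated management network) and then using the "pinned" or "fingerprint" policy gives the same encryption with the identity check the manual leaves out.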
SSL session handshake process: