Zilog EZ80F91AZA User Manual Page 42

UM020107-1211 SSL Configuration
ZTP Network Security SSL Plug-In
User Manual
36
CipherGen table. For additional information about configuring the HashGen array, see Table 5 on page 25.

Configuring the PkiGen array is difficult. Use the values listed in Table 6 to determine the minimum set of PKI algorithms required based on the KeyAlg field in all cipher suite entries.

1. When RSA export cipher suites are used, the ZTP Network Security SSL Plug-In will abort the establishment of a session if the RSA modulus exceeds the export limit regarding public key size.
2. Any cipher suite containing the text DHE uses Ephemeral Diffie-Hellman (EDH) parameters to arrive at a shared secret between the client and the server. Therefore, the pDheInit function pointer must reference the dhe_init routine, or else Ephemeral Diffie-Hellman cipher suites cannot be supported. The difference between a Diffie-Hellman (DH) certificate and DHE parameters is that the private and public Diffie-Hellman values never change when a DH certificate is used. In contrast, when DHE parameters are used, the private and public values are changed each time a new session is established.
3. When DSS certificates (using the DSA signature algorithm) are employed, EDH key exchange is always performed. This situation exists because the DSA algorithm cannot be used to establish a shared secret; it can only be used to digitally sign some other datum. Therefore, DHE_DSS cipher suites use Ephemeral Diffie-Hellman parameters to arrive at a shared secret, and these parameters are signed using the public key contained in the DSS certificate.

RSA certificates are used for encryption and signatures. Cipher suites using RSA for key exchange through RSA encryption contain text such as _RSA_WITH_ or _RSA_EXPORT_WITH_. Cipher suites using Ephemeral Diffie-Hellman parameters signed with RSA use text such as _DHE_RSA_.
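
An added example (not code from the Zilog manual or the ZTP sources): a C check that classifies each enabled cipher suite by the name fragments described above, applies the Table 6 requirements, and reports which initializers a configuration lacks. The enum names, bitmask values and the _DHE_DSS_ fragment are assumptions made for this sketch.

```c
#include <string.h>
/* Stand-in names for this sketch; the real KeyAlg constants and initializer
   prototypes are in the ZTP SSL headers and are not shown on the page. */
enum key_alg { KA_UNKNOWN, KA_RSA, KA_DH, KA_DHE_RSA, KA_DHE_DSS };
enum { NEED_RSA = 1, NEED_DH = 2, NEED_DSA = 4, NEED_DHE = 8 };

/* Classify by the name fragments the manual lists. DHE is tested first
   because "_DHE_RSA_WITH_" also contains "_RSA_WITH_". "_DHE_DSS_" is an
   assumed fragment; the page gives none for SSL_PKI_DH, so none is matched. */
enum key_alg classify_suite(const char *name) {
    if (strstr(name, "_DHE_RSA_")) return KA_DHE_RSA;
    if (strstr(name, "_DHE_DSS_")) return KA_DHE_DSS;
    if (strstr(name, "_RSA_WITH_") || strstr(name, "_RSA_EXPORT_WITH_"))
        return KA_RSA;
    return KA_UNKNOWN;
}

/* Table 6 as a bitmask: required PkiGen entry plus the pDheInit setting. */
unsigned table6_needs(enum key_alg ka) {
    switch (ka) {
    case KA_RSA:     return NEED_RSA;
    case KA_DH:      return NEED_DH;
    case KA_DHE_RSA: return NEED_RSA | NEED_DHE;
    case KA_DHE_DSS: return NEED_DSA | NEED_DHE;
    default:         return 0;
    }
}

/* Union over all suites; -1 on an unclassifiable name (fail closed). */
int required_set(const char *const names[], size_t n, unsigned *out) {
    *out = 0;
    for (size_t i = 0; i < n; i++) {
        enum key_alg ka = classify_suite(names[i]);
        if (ka == KA_UNKNOWN) return -1;
        *out |= table6_needs(ka);
    }
    return 0;
}

unsigned missing_bits(unsigned required, unsigned configured) {
    return required & ~configured; /* needed but not configured */
}

int main(void) { /* constructed suite list and config, not ZTP's tables */
    const char *const s[] = { "TLS_RSA_WITH_RC4_128_SHA",
                              "TLS_DHE_RSA_WITH_DES_CBC_SHA" };
    unsigned req;
    if (required_set(s, 2, &req) != 0) return 2;
    return missing_bits(req, NEED_RSA) == NEED_DHE ? 0 : 1; /* RSA-only cfg */
}
```

With the constructed RSA-only configuration, the check reports that the dhe_init requirement is unmet, which per note 2 means the DHE suite could not be supported.
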

In general, when a cipher suite contains two public key algorithms (for example, TLS_DHE_RSA_WITH_DES_CBC_SHA), the first public key algorithm identifies the key

Table 6. PKI Algorithm Requirements by Cipher Suite

KeyAlg Value From Cipher Suite   Required PKIGen Entry   Required pDheInit Setting
SSL_PKI_RSA                      rsa_init                NULLPTR
SSL_PKI_DH                       dh_init                 NULLPTR
SSL_PKI_DHE_RSA                  rsa_init                dhe_init
SSL_PKI_DHE_DSS                  dsa_init                dhe_init

Notes: