SSL
Secure Sockets Layer (SSL) is a protocol designed to provide privacy and integrity for messages on the wire. Cloudscape has been verified to work with application servers that support SSL. In addition, Cloudconnector supports SSL beginning with Version 2.0.
This section provides an overview of the way SSL works. For specific information on using and configuring SSL for Cloudconnector, see the Cloudscape Server and Administration Guide.
There are two parts to secure communications:
- Authentication
Authentication takes place at two levels: first, verifying that the communicating parties are who they say they are, and second, verifying that each message sent is from the expected sender and has not been tampered with.
Initial authentication with SSL involves the use of a certificate. The certificate is made up of a public key and some information about the owner of the corresponding private key. The certificate is signed cryptographically by a certificate authority.
A cryptographic signature can be verified with the public key of the certificate authority; forging a signature without knowing the certificate authority's private key is computationally infeasible. Note that a valid signature only proves that the certificate authority vouched for the binding between the public key and the owner information. The verifying party must still check that the certificate authority is one it trusts and that the owner named in the certificate is the party it intended to talk to.
- Encryption
Encryption makes clear text unintelligible to everyone except those who have a key to decipher it.
Encryption requires a key and an algorithm, and both parties must know the key and which algorithm is in use. The number of possible keys an encryption algorithm can support depends on the number of bits in the key. For a given algorithm, the longer the key, the larger the space an attacker must search, and the more secure the encrypted message.
SSL uses public-key cryptography for authentication and to establish a shared secret key. Public-key cryptography uses public/private key pairs. The public key is used to encrypt and to verify a cryptographic signature. The private key is used to decrypt and to sign. You advertise your public key to the world so that everyone can send you messages that only you can decrypt, and everyone can verify your cryptographic signature.
SSL offers a choice of encryption algorithms. For encryption to work properly, both parties must know which algorithms--called a cipher suite--will be used; SSL negotiates this choice.
Some users may be interested in both aspects of security, encryption and authentication, particularly if clients and servers will be exchanging sensitive information over the Internet. In many cases, only the server will be asked to authenticate itself to assure the client that it is a trusted server; in other cases, users may need two-way authentication, in which both client and server exchange certificates. In other situations, in which communications are between trusted clients and a server, an application may use encryption to protect privacy, but authentication may be less important since clients and server are already known to each other. Keep in mind, though, that encryption without authentication only protects against a passive eavesdropper: an active attacker on the network path who can impersonate the server will negotiate a key with the client and read the traffic, so dropping server authentication is only reasonable where the network itself is trusted.
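The flow described in this section, as an added, self-contained Python model that is not Cloudscape or Cloudconnector code: a certificate authority signs a certificate binding a name to a server public key; the client verifies that signature with the CA public key it trusts and checks the name; client and server negotiate a cipher suite; the client encrypts a secret to the server's public key so that only the server can recover it; and that secret keys a MAC that authenticates every later message and exposes tampering. The host name, the cipher suite names and the tiny textbook RSA keys are assumptions for illustration only; real SSL/TLS uses long keys with padding, a vetted library, and a full certificate chain.

```python
# Added example, not Cloudscape/Cloudconnector code: a toy model of the SSL
# flow (CA-signed certificate, server authentication, public-key transport
# of a shared secret, per-message integrity). The RSA primes are small so
# the arithmetic is visible; this is NOT usable for real traffic.
import hashlib
import hmac
import secrets


def rsa_keypair(p, q, e=65537):
    """Textbook RSA from two primes (assumed prime, no padding). Returns (public, private)."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse of e, Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)  # anyone holding the public key can encrypt


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)  # only the private-key holder can decrypt


def _digest_mod(n, data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def rsa_sign(priv, data):
    n, d = priv
    return pow(_digest_mod(n, data), d, n)  # the private key signs


def rsa_verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == _digest_mod(n, data)  # the public key verifies


# A certificate is the owner's name plus its public key, signed by the CA.
def certificate_bytes(subject, pub):
    return f"{subject}|{pub[0]}|{pub[1]}".encode()


def issue_certificate(signer_priv, subject, pub):
    return {"subject": subject, "pub": pub,
            "sig": rsa_sign(signer_priv, certificate_bytes(subject, pub))}


def verify_certificate(cert, ca_pub, expected_subject):
    """Client check: signature valid under the trusted CA AND the name is the one we dialed."""
    body = certificate_bytes(cert["subject"], cert["pub"])
    return rsa_verify(ca_pub, body, cert["sig"]) and cert["subject"] == expected_subject


def negotiate_cipher_suite(client_offer, server_prefs):
    """Server picks the first suite in its own preference order that the client also offered."""
    for suite in server_prefs:
        if suite in client_offer:
            return suite
    raise ValueError("no cipher suite in common; handshake fails")


# Second level of authentication: each message carries a MAC under the shared key.
def protect(mac_key, msg):
    return msg, hmac.new(mac_key, msg, hashlib.sha256).digest()


def check(mac_key, msg, tag):
    return hmac.compare_digest(hmac.new(mac_key, msg, hashlib.sha256).digest(), tag)


def run_handshake(expected_subject="db.example.test"):
    # Assumed trust anchor, server and impostor keys (well-known small primes; toy only).
    ca_pub, ca_priv = rsa_keypair(999983, 1000003)
    srv_pub, srv_priv = rsa_keypair(104729, 1299709)
    imp_pub, imp_priv = rsa_keypair(15485863, 2147483647)

    cert = issue_certificate(ca_priv, "db.example.test", srv_pub)
    # An impostor can claim the same name but cannot produce the CA's signature.
    forged = issue_certificate(imp_priv, "db.example.test", imp_pub)

    # Illustrative SSL 3.0 suite names; both are obsolete today.
    suite = negotiate_cipher_suite(
        client_offer=["SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_RC4_128_SHA"],
        server_prefs=["SSL_RSA_WITH_RC4_128_SHA", "SSL_RSA_WITH_3DES_EDE_CBC_SHA"])

    # Client chooses a secret and encrypts it to the server's public key.
    secret = secrets.randbelow(srv_pub[0] - 2) + 2
    server_secret = rsa_decrypt(srv_priv, rsa_encrypt(srv_pub, secret))
    mac_key = hashlib.sha256(str(secret).encode()).digest()  # both sides derive this

    msg, tag = protect(mac_key, b"SELECT * FROM accounts")  # constructed sample message
    return {
        "cert_ok": verify_certificate(cert, ca_pub, expected_subject),
        "forged_ok": verify_certificate(forged, ca_pub, expected_subject),
        "suite": suite,
        "secret_agreed": server_secret == secret,
        "msg_ok": check(mac_key, msg, tag),
        "tampered_ok": check(mac_key, b"DELETE FROM accounts", tag),
    }


if __name__ == "__main__":
    for name, value in run_handshake().items():
        print(f"{name}: {value}")
```

Running the script shows the genuine certificate accepted, the impostor's certificate rejected even though it carries the right name, the server's preferred suite chosen, the same secret on both sides, and the altered message failing its MAC check. Passing a different `expected_subject` to `run_handshake` shows the name check failing even though the CA signature is valid, which is the mistake a client makes when it verifies the signature but not the name.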