Module 5 tls and ssl
This presentation is the property of its rightful owner.
Sponsored Links
1 / 36

Module 5: TLS and SSL PowerPoint PPT Presentation


  • 48 Views
  • Uploaded on
  • Presentation posted in: General

Module 5: TLS and SSL. Overview. Transport Layer Security Overview Secure Socket Layer Overview SSL Termination SSL in the Hosted Environment Load Balanced SSL Setting up SSL in a Load Balanced Environment. Transport Layer Security Overview. Transport Layer Security.

Download Presentation

Module 5: TLS and SSL

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -

Presentation Transcript


Module 5 tls and ssl

Module 5: TLS and SSL


Overview

Overview

  • Transport Layer Security Overview

  • Secure Socket Layer Overview

  • SSL Termination

  • SSL in the Hosted Environment

  • Load Balanced SSL

  • Setting up SSL in a Load Balanced Environment


Module 5 tls and ssl

Transport Layer Security Overview


Transport layer security

Transport Layer Security

  • Transport Layer Security (TLS) and its predecessor, Secure SocketsLayer (SSL), are cryptographic protocols that "provide communications security over the Internet".

  • TLS and SSL encrypt the segments of network connections above the Transport Layer, using symmetric cryptography for privacy and a keyed message authentication code for message reliability.

  • Several versions of the protocols are in widespread use in applications like web browsing, electronic mail, Internet faxing, instant messaging and voice-over-IP (VoIP).


Description

Description

  • The TLS protocol allows client/server applications to communicate across a network in a way designed to prevent eavesdropping and tampering.

  • A TLS client and server negotiate a stateful connection by using a handshaking procedure. During this handshake, the client and server agree on various parameters used to establish the connection's security.

  • The handshake begins when a client connects to a TLS-enabled server requesting a secure connection, and presents a list of supported CipherSuites (ciphers and hash functions).


Security

Security

TLS/SSL have a variety of security measures:

  • Protection against a downgrade of the protocol to a previous (less secure) version or a weaker cipher suite.

  • The message that ends the handshake ("Finished") sends a hash of all the exchanged handshake messages seen by both parties.

  • SSL v3 improved upon SSL v2 by adding SHA-1 based ciphers, and support for certificate authentication.


Tls record protocol

TLS record protocol


Module 5 tls and ssl

Secure Socket Layer Overview


Secure socket layer

Secure Socket layer

  • SSL (secure socket layer) is an encryption protocol created by Netscape to implement secure web transactions on port 443 (the unsecure default port is 80)

  • Today SSL goes by the name TLS (transport layer security) and is used in many other places like communicating with a POP3 server over port 995 (the unsecure default port is 110)


Secure socket layer1

Secure Socket layer

With the evolution of e-business, data security has become very important for Internet users. The Secure Socket Layer (SSL) protocol ensures that the transfer of sensitive information over the Internet is secure. SSL protects information from:

  • Internet eavesdropping

  • Data theft

  • Traffic analysis

  • Data modification

  • Trojan horse browser /server


Secure socket layer2

Secure Socket layer

The SSL protocol consists of server authentication, client authentication (optional but strongly recommended) followed by an encrypted conversation. The following scenario steps through the SSL process.

  • Server authentication

  • Client authentication

  • SSL handshake


Secure socket layer3

Secure Socket layer

  • On an OpenVMS system you could find SSL in two locations depending upon your setup:

  • Under Apache/SWS (Secure Web Server) if you have installed it. (it has its own CERT TOOL)

  • As a standalone product if you have installed it. (This is automatically installed with OpenVMS 8.3 and higher)Use thE DCL command to check for it on your system:


Secure socket layer4

Secure Socket layer


Ssl handshake

SSL Handshake


Module 5 tls and ssl

SSL Termination


Ssl termination

SSL Termination

  • SSL termination in a CSS occurs when an SSL module, acting as a proxy server, terminates an SSL connection from a client, and then establishes a TCP connection to a server.

  • When the module terminates the SSL connection, it decrypts the data and sends the data as clear text to the CSS for a decision on load balancing.

  • The CSS transmits the data as clear text either to an HTTP server or back to the SSL module for encryption to a configured back-end SSL server.


Ssl termination1

SSL Termination

  • An SSL proxy list determines the flow of SSL information between the SSL module, the client, and the server. An SSL proxy list comprises one or more virtual SSL servers (related by index entry).

  • An SSL module in the CSS uses the virtual SSL servers to properly process and terminate SSL communications between the client and the server.

  • You can define a maximum of 256 virtual SSL servers for a single SSL proxy list.


Ssl termination2

SSL Termination

  • After you create and configure the entries in a proxy list, you must activate the list, and then add the SSL proxy list to a service to initiate the transfer of SSL configuration data to the SSL module.

  • When you activate the service, the CSS transfers the data to the module. Then you can add each SSL service to an SSL content rule.


Ssl termination3

SSL Termination


Basic ssl termination configuration flow diagram

Basic SSL Termination Configuration Flow Diagram


Client and traffic server communication using ssl termination

Client and Traffic Server communication using SSL termination


Module 5 tls and ssl

SSL in the Hosted Environment


One ip address that is shared by multiple hosted organizations

One IP address that is shared by multiple hosted organizations


Ssl in the hosted environment

SSL in the Hosted Environment

  • If you are using SSL, use a unique IP address for each hosted organization. To use this configuration, you must bind the IP address to the xSPServer1.

  • The figure in the next slide shows xSPserver2 supporting three hosted organizations, each with its own unique IP address.


Individual ip addresses

Individual IP Addresses


Combination of ip address configurations

Combination of IP address configurations


Hosted environment architecture

Hosted Environment Architecture


Module 5 tls and ssl

Load Balanced SSL


Load balanced ssl

Load Balanced SSL

  • SSL applications can be a heavy burden on the resources of a Web Server, especially on the CPU and the end users may see a slow response

  • To resolve these kinds of issues, a Load Balancer capable of handling SSL Offloading in specialized hardware may be used

  • When Load Balancers are taking the SSL connections, the burden on the Web Servers is reduced and performance will not degrade for the end users.


Load balance ssl request

Load Balance SSL Request


Load balancing device hld running ssl

Load-balancing device (HLD) running SSL


Load balancing support for ssl termination

Load Balancing: Support for SSL Termination


Module 5 tls and ssl

Setting up SSL in a Load Balanced Environment


Module 5 tls and ssl

This Diagram describes the procedure to set up the cluster and enable reverse proxy to support load-balancing of HTTP requests.


Web access cluster

Web Access Cluster


  • Login