HP OpenVMS Systems Documentation

Content starts here
HP Open Source Security for OpenVMS Volume 2: HP SSL for OpenVMS

Chapter 2 Overview of SSL

  Table of Contents

  Index

Secure Sockets Layer (SSL) is the open standard security protocol for the secure transfer of sensitive information over the Internet. SSL provides three things: privacy through encryption, server authentication, and message integrity. Client authentication is available as an optional function.

OpenVMS includes three standards-based cryptographic security solutions, HP SSL for OpenVMS, Common Data Security Architecture (CDSA), and Kerberos for OpenVMS that protect your information and communications.

Protecting communication links to OpenVMS applications over a TCP/IP connection can be accomplished through the use of SSL. The OpenSSL APIs establish private, authenticated and reliable communications links between applications.

CDSA for OpenVMS provides a security infrastructure that allows for the creation of multiplatform, open source industry standard cryptographic solutions. CDSA provides a flexible mix-and-match solution among a variety of different applications and security services. This allows for compliance to local regulation while keeping the security underpinnings transparent to the end user. For more information, see the HP Open Source Security for OpenVMS, Volume 1: Common Data Security Architecture.

Kerberos is a network authentication protocol designed to provide strong authentication for client/server applications by using secret-key cryptography. It was developed at the Massachusetts Institute of Technology as part of Project Athena in the mid-1980s. The Kerberos protocol uses strong cryptography, so that a client can prove its identity to a server (and vice versa) across an insecure network connection. After a client and server have used Kerberos to prove their identity, they can also encrpt all of their communications to assure privacy and data integrity. For more information, see HP Open Source Security for OpenVMS, Volume 3: Kerberos.

NOTE: SSL data transport requires encryption. Many governments, including the United States, have restrictions on the import and export of cryptographic algorithms. Please ensure that your use of SSL is in compliance with all national and international laws that apply to you.

This chapter discusses the following topics:

  • The SSL protocol

  • The SSL handshake

  • Public key encryption

  • Certificates

  • Cipher suite

  • Digital signatures