Secure Sockets Layer (SSL) is the open standard
security protocol for the secure transfer of sensitive information
over the Internet. SSL provides three things: privacy through encryption,
server authentication, and message integrity. Client authentication
is available as an optional function.
Starting with Version 7.3-1, HP provides SSL as
part of the OpenVMS Alpha operating system. HP SSL is compatible with
OpenVMS Alpha Version 7.2-2 and higher, and OpenVMS VAX Version 7.3
Protecting communication links to OpenVMS applications
over a TCP/IP connection can be accomplished through the use of SSL.
The OpenSSL APIs establish private, authenticated and reliable communications
links between applications.
The SSL protocol works cooperatively on top of
several other protocols. SSL works at the application level.The underlying
mechanism is TCP/IP (Transmission Control Protocol/Internet Protocol),
which governs the transport and routing of data over the Internet.
Application protocols, such as HTTP (HyperText Transport Protocol),
LDAP (Lightweight Directory Access Protocol), and IMAP (Internet Messaging
Access Protocol), run on top of TCP/IP. They use TCP/IP to support
typical application tasks, such as displaying web pages or running
SSL addresses three fundamental security concerns
about communication over the Internet and other TCP/IP networks:
SSL server authentication -- Allows a user to confirm
a server's identity. SSL-enabled client software can use standard
techniques of public-key cryptography to check whether a server's
certificate and publicID are valid and have been issued by a Certificate
Authority (CA) listed in the client's list of trusted CAs. Server
authentication is used, for example, when a PC user is sending a credit
card number to make a purchase on the web and wants to check the receiving
SSL client authentication -- Allows a server to confirm
a user's identity. Using the same techniques as those used for
server authentication, SSL-enabled server software can check whether
a client's certificate and public ID are valid and have been
issued by a Certificate Authority (CA) listed in the server's
list of trusted CAs. Client authentication is used, for example, when
a bank is sending confidential financial information to a customer
and wants to check the recipient's identity.
An encrypted SSL connection -- Requires all information
sent between a client and a server to be encrypted by the sending
software and decrypted by the receiving software, thereby providing
a high degree of confidentiality. Confidentiality is important for
both parties to any private transaction. In addition, all data sent
over an encrypted SSL connection is protected with a mechanism that
automatically detects whether data has been altered in transit.
For more information about SSL, see the HP Open Source Security for OpenVMS, Volume 2: HP SSL for OpenVMS or the HP SSL website at