Cisco Web Security Appliance S670 Troubleshooting Guide

Content Security Appliance Data Encryption with SSL and TLS
Document ID: 117920
Contributed by Andrew Wurster, Robert Sherwin, Cisco TAC Engineers.
Jul 11, 2014
Contents
Introduction
SSL and TLS Overview
SSL and TLS Usage
Introduction
This document provides definitions for the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) encryption methods and describes how they are used.
SSL and TLS Overview
The SSL and TLS encryption methods are the two most widely used methods for data encryption over a network stream or transport session.
The SSL encryption method was originally developed by Netscape in order to secure HTTP communications that traversed the Internet during its widespread adoption in the 1990s. SSL Version 2.0 was the first public release, followed shortly by SSL Version 3.0, which was updated in order to address some serious security flaws in the previous version.
TLS Version 1.0 was the successor to SSL Version 3.0. It offered security algorithm, alerting, and specification enhancements. Although the changes were small, they were enough to make the two protocols incompatible with one another. The TLS encryption method has since been improved with additional cipher suites, such as Advanced Encryption Standard (AES), and more secure key generation algorithms. The most current version at this time is TLS Version 1.2.
Note: As of AsyncOS 8.5.6, only TLS v1 is supported. TLS v1.1 and 1.2 are not yet supported. Please review sslconfig from the CLI, and choose GUI, INBOUND, or OUTBOUND to view the cipher methods available.
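The version and cipher-suite distinctions above are visible on the wire: every SSL/TLS record carries a two-byte version field (3,0 for SSL 3.0, 3,1 for TLS 1.0, 3,2 for TLS 1.1, 3,3 for TLS 1.2), and the ClientHello lists the cipher suites the client is willing to use. The following Python script is an added example, not part of the Cisco document, that parses a ClientHello and reports the requested version and offered suites, flagging the legacy RC4 and 3DES suites. The ClientHello bytes are constructed inside the script, the cipher-suite table is a small subset of the IANA registry, and the function names `build_client_hello` and `parse_client_hello` are this example's own. A defender can run the same parser over ClientHello records from a packet capture to confirm what clients are actually offering to an appliance that only negotiates TLS v1.

```python
"""Parse an SSL/TLS ClientHello and report the protocol version and cipher
suites the client offers. Added example; the sample bytes are constructed."""
import struct

# Version bytes as defined by SSL 3.0 and the TLS 1.0/1.1/1.2 RFCs.
VERSION_NAMES = {
    (3, 0): "SSL 3.0",
    (3, 1): "TLS 1.0",
    (3, 2): "TLS 1.1",
    (3, 3): "TLS 1.2",
}

# Small subset of the IANA cipher suite registry. RC4 and 3DES entries are
# kept so the report can flag legacy suites that should be disabled.
CIPHER_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
LEGACY_SUITES = {0x0004, 0x0005, 0x000A}


def build_client_hello(client_version, suites, record_version=(3, 1)):
    """Construct a minimal ClientHello (no extensions) so the parser can be
    exercised offline. Real clients send a random 32-byte nonce; zeros here."""
    body = bytes(client_version) + b"\x00" * 32       # client_version + random
    body += b"\x00"                                   # empty session_id
    body += struct.pack("!H", 2 * len(suites))
    body += b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                               # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # type 1 = ClientHello
    return b"\x16" + bytes(record_version) + struct.pack("!H", len(handshake)) + handshake


def parse_client_hello(data):
    """Return record version, client version and offered cipher suites.
    Raises ValueError for anything that is not a well-formed ClientHello."""
    if len(data) < 5 or data[0] != 0x16:              # 0x16 = handshake content type
        raise ValueError("not a TLS handshake record")
    record_version = (data[1], data[2])
    record_len = struct.unpack("!H", data[3:5])[0]
    rec = data[5:5 + record_len]
    if len(rec) != record_len or len(rec) < 4 or rec[0] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    hs_len = int.from_bytes(rec[1:4], "big")
    hs = rec[4:4 + hs_len]
    if len(hs) != hs_len or len(hs) < 35:
        raise ValueError("truncated ClientHello")
    client_version = (hs[0], hs[1])
    pos = 34                                          # skip version + 32-byte random
    sid_len = hs[pos]
    pos += 1 + sid_len
    if pos + 2 > len(hs):
        raise ValueError("truncated session_id")
    suites_len = struct.unpack("!H", hs[pos:pos + 2])[0]
    pos += 2
    if suites_len % 2 or pos + suites_len > len(hs):
        raise ValueError("bad cipher_suites length")
    suites = [struct.unpack("!H", hs[i:i + 2])[0] for i in range(pos, pos + suites_len, 2)]
    return {
        "record_version": VERSION_NAMES.get(record_version, "unknown %r" % (record_version,)),
        "client_version": VERSION_NAMES.get(client_version, "unknown %r" % (client_version,)),
        "cipher_suites": [CIPHER_SUITES.get(s, "0x%04X" % s) for s in suites],
        "legacy_suites": [CIPHER_SUITES[s] for s in suites if s in LEGACY_SUITES],
    }


if __name__ == "__main__":
    # Constructed sample: a TLS 1.2 client that still offers RC4, sent in a
    # TLS 1.0 record layer (common for backward compatibility).
    sample = build_client_hello((3, 3), [0xC02F, 0x002F, 0x0005])
    for key, value in parse_client_hello(sample).items():
        print("%-15s %s" % (key, value))
```

Running the script prints the record-layer version (TLS 1.0), the client's requested version (TLS 1.2), the three offered suites by name, and the RC4 suite under `legacy_suites`. A ClientHello with version bytes (3,0) is reported as SSL 3.0, which is how a capture reveals clients that have not moved to TLS.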
SSL and TLS Usage
Today, most client-server programs that utilize secure transports, such as Simple Mail Transfer Protocol (SMTP) and HTTPS transactions, are based on SSL Version 3.0 and TLS Version 1.x. Although many applications have built-in support for secure transports like SSL and TLS, any program can be carried over secure tunnels. Many new applications have evolved for this reason, such as secure phone communications like the Session Initiation Protocol (SIP) and VPNs, which make use of Datagram TLS (DTLS), a modified TLS encryption method that is carried over UDP packets.
While the terms SSL and TLS are sometimes used interchangeably, the protocols are not identical. The