Configuring Secure Socket Layer (SSL)

Overview

HP Switches use Secure Socket Layer Version 3 (SSLv3) and also support Transport Layer Security (TLSv1) to provide remote web access to the switches over encrypted paths between the switch and management-station clients capable of SSL/TLS operation.

  • HP Switches use SSL and TLS for all secure web transactions, and all references to SSL mean using one of these algorithms unless otherwise noted.

  • SSL provides all the web functions but, unlike standard web access, SSL provides encrypted, authenticated transactions. The authentication type includes server certificate authentication with user password authentication.

SSL in the switches is based on the OpenSSL software toolkit. For more information on OpenSSL, visit www.openssl.org.

Server certificate authentication with user password authentication

This is a subset of full certificate authentication of the user and host, and it is available only when the switch has SSL enabled. As in switch/user authentication, the switch authenticates itself to the SSL-enabled web browser. Users on the SSL browser then authenticate themselves to the switch, at the operator and manager levels, by providing passwords stored locally on the switch or on a TACACS+ or RADIUS server. The client does not, however, use a certificate to authenticate itself to the switch.

Switch/user authentication

SSL on the switches covered in this guide supports these data encryption methods:

  • 3DES (168-bit, 112-bit effective)

  • DES (56-bit)

  • RC4 (40-bit, 128-bit)
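The three ciphers listed above (3DES, DES and RC4) are all considered weak today, so an administrator who fronts the switch's web interface with a proxy, or who wants to verify any TLS endpoint's configuration, needs a way to check that no such suite is still enabled. The following is an added example (not code from the HP documentation or from the switch) that audits a Python `ssl.SSLContext` against a simple policy: it flags any suite whose name contains DES or RC4 (which also matches the `DES-CBC3` naming OpenSSL uses for 3DES) or whose cipher strength is below 128 bits. The policy thresholds and the hardened cipher string are this example's own assumptions, not values from the page.

```python
import ssl

# Policy (constructed for this example): the switch documentation lists
# 3DES, DES and RC4 as its supported SSL ciphers; none of them meets a
# modern baseline, so the audit treats them, and anything under 128 bits,
# as weak.
MIN_STRENGTH_BITS = 128


def classify_cipher(name, strength_bits):
    """Return 'weak' or 'ok' for a single cipher suite.

    OpenSSL names 3DES suites 'DES-CBC3-*' and single DES 'DES-CBC-*', so a
    plain 'DES' substring match covers both without matching 'AES'.
    """
    if strength_bits < MIN_STRENGTH_BITS:
        return "weak"
    if "RC4" in name or "DES" in name:
        return "weak"
    return "ok"


def audit_context(ctx):
    """List the cipher suites enabled in ctx that the policy marks weak."""
    return [
        c["name"]
        for c in ctx.get_ciphers()
        if classify_cipher(c["name"], c["strength_bits"]) == "weak"
    ]


def hardened_context():
    """A client context restricted to TLS 1.2+ with AEAD suites only.

    The cipher string is an assumption for this example; it explicitly
    excludes the algorithms the switch documentation lists.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!MD5:!RC4:!DES:!3DES")
    return ctx


def legacy_context():
    """Try to build a context offering only the documented legacy suites.

    Returns None if the local OpenSSL build refuses all of them (modern
    builds drop DES and RC4 entirely), which is itself a useful finding.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers("DES-CBC3-SHA:DES-CBC-SHA:RC4-SHA:RC4-MD5")
    except ssl.SSLError:
        return None
    return ctx


if __name__ == "__main__":
    print("hardened context weak suites:", audit_context(hardened_context()))
    legacy = legacy_context()
    if legacy is None:
        print("local OpenSSL does not offer any of the documented legacy suites")
    else:
        print("legacy context weak suites:", audit_context(legacy))
```

Run against a context used by a management client, `audit_context` returning an empty list means none of the documented legacy algorithms can be negotiated from that side; a non-empty list names exactly which suites would still have to be disabled on the peer.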


NOTE: HP Switches use RSA public-key algorithms and Diffie-Hellman, and all references to a key mean keys generated using these algorithms unless otherwise noted.