Security profiles define the security characteristics of a client-EAServer session. You assign a security profile to a listener, which is a port that accepts client connection requests of various protocols. EAServer can support multiple listeners. Clients that support the same characteristics can communicate with EAServer via the port defined in the listener.
Each security profile has an associated security characteristic. A security characteristic is a name that has a set of cipher suites associated with it. A security characteristic, along with the cipher suites, defines these characteristics of a client/server connection:
Protocol: All profiles use SSL version 3 as the underlying protocol. IIOPS and HTTPS traffic is tunneled through SSL.
Authentication: Whether or not authentication is used. Profiles can support:
No authentication – neither client nor server needs to provide a certificate for authentication.
Server authentication – only the server needs to provide a certificate to be accepted or rejected by the client.
Client and server authentication – both the client and server supply certificates to be accepted or rejected by the other.
Encryption strength and method: Whether or not data is encrypted, and if so, the key strength and method of the encryption.
International use: All cipher suites are available domestically, but not all are suitable for export outside of the United States and Canada.
Hashing method: The method used to create the message digest.
For example, the cipher suite SSL_RSA_WITH_NULL_MD5 can be interpreted as:
SSL – the protocol used. All profiles use SSL.
RSA – the key exchange algorithm used.
NULL – no encryption.
MD5 – the hash method used to compute the message digest.
Table 12-1 and Table 12-2 clarify the relationship between cipher suite terminology and security characteristics.
Browsers do not support anonymous cipher suites.
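The naming breakdown shown for SSL_RSA_WITH_NULL_MD5 can be applied mechanically to a list of suite names. The following is an added example, not Sybase code: it goes beyond the single suite above to cover anonymous and export suites, and the names `parse_suite`, `audit` and `SAMPLE_SUITES` (a constructed list) are assumptions of this example.

```python
# Added example: split an SSL cipher suite name into the fields described above.
# SAMPLE_SUITES is a constructed list, not taken from an EAServer profile.
SAMPLE_SUITES = [
    "SSL_RSA_WITH_NULL_MD5",
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5",
    "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
]

def parse_suite(name):
    """Parse PROTOCOL_KEYEXCHANGE[_EXPORT]_WITH_CIPHER_HASH into a dict."""
    left, sep, right = name.partition("_WITH_")
    left_parts, right_parts = left.split("_"), right.split("_")
    if not sep or len(left_parts) < 2 or len(right_parts) < 2:
        raise ValueError(f"not a cipher suite name: {name!r}")
    kx_parts = left_parts[1:]
    cipher = "_".join(right_parts[:-1])
    return {
        "protocol": left_parts[0],
        "key_exchange": "_".join(p for p in kx_parts if p != "EXPORT"),
        "encryption": None if cipher == "NULL" else cipher,
        "hash": right_parts[-1],
        "export": "EXPORT" in kx_parts,
        # "anon" key exchange means no certificate is presented at all.
        # Client authentication is not encoded in the suite name.
        "anonymous": "anon" in kx_parts,
    }

def audit(names):
    """Return {suite: [weak characteristics]} for the given suite names."""
    findings = {}
    for name in names:
        suite = parse_suite(name)
        issues = []
        if suite["encryption"] is None:
            issues.append("no encryption")
        if suite["anonymous"]:
            issues.append("no authentication")
        if suite["export"]:
            issues.append("export-grade key strength")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for suite, issues in audit(SAMPLE_SUITES).items():
        print(f"{suite}: {', '.join(issues)}")
```
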
Copyright © 2003. Sybase Inc. All rights reserved.