Secure Sockets Layer (SSL) is the open standard security protocol
for the secure transfer of sensitive information over the Internet.
SSL provides three things: privacy through encryption, server authentication, and
message integrity. Client authentication is available as an optional
function.
Starting with Version 7.3-1, HP provides SSL as part of the
OpenVMS Alpha operating system. HP SSL is compatible with OpenVMS
Alpha Version 7.2-2 and higher, and OpenVMS VAX Version 7.3 and
higher.
Protecting communication links to OpenVMS applications over
a TCP/IP connection can be accomplished through the use of SSL.
The OpenSSL APIs establish private, authenticated and reliable communications links
between applications.
The SSL protocol works cooperatively on top of several other
protocols. SSL works at the application level. The underlying mechanism
is TCP/IP (Transmission Control Protocol/Internet Protocol), which
governs the transport and routing of data over the Internet. Application
protocols, such as HTTP (HyperText Transport Protocol), LDAP (Lightweight
Directory Access Protocol), and IMAP (Internet Messaging Access
Protocol), run on top of TCP/IP. They use TCP/IP to support typical
application tasks, such as displaying web pages or running email
servers.
SSL addresses three fundamental security concerns about communication
over the Internet and other TCP/IP networks:

SSL server authentication -- Allows a user to confirm a server's
identity. SSL-enabled client software can use standard techniques
of public-key cryptography to check whether a server's certificate
and public ID are valid and have been issued by a Certificate
Authority (CA) listed in the client's list of trusted CAs. Server
authentication is used, for example, when a PC user is sending a
credit card number to make a purchase on the web and wants to check
the receiving server's identity.

SSL client authentication -- Allows a server to confirm a user's
identity. Using the same techniques as those used for server
authentication, SSL-enabled server software can check whether a
client's certificate and public ID are valid and have been issued by
a Certificate Authority (CA) listed in the server's list of trusted
CAs. Client authentication is used, for example, when a bank is
sending confidential financial information to a customer and wants
to check the recipient's identity.

An encrypted SSL connection -- Requires all information sent between
a client and a server to be encrypted by the sending software and
decrypted by the receiving software, thereby providing a high degree
of confidentiality. Confidentiality is important for both parties to
any private transaction. In addition, all data sent over an encrypted
SSL connection is protected with a mechanism that automatically
detects whether data has been altered in transit.

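The settings behind the three concerns above, as an added example that is not taken from HP SSL for OpenVMS: it uses Python's standard ssl module (a wrapper around OpenSSL), which negotiates TLS, the successor to SSL. The file parameters and the host name server.example are hypothetical; first_record starts a handshake in memory to show what SSL places on the TCP connection before any application data.

```python
import ssl

def client_context(ca_file=None, cert_file=None, key_file=None):
    """Client side: always authenticate the server; a client certificate is optional."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # SSL 2.0/3.0 are never offered
    ctx.verify_mode = ssl.CERT_REQUIRED            # chain must end at a trusted CA
    ctx.check_hostname = True                      # name in the certificate must match
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # the client's list of trusted CAs
    else:
        ctx.load_default_certs()                   # fall back to the system CA store
    if cert_file:                                  # only needed for client authentication
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    return ctx

def server_context(cert_file=None, key_file=None, client_ca_file=None):
    """Server side: client authentication is on only when a client CA list is given."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:
        ctx.load_cert_chain(certfile=cert_file, keyfile=key_file)
    if client_ca_file:
        ctx.load_verify_locations(cafile=client_ca_file)
        ctx.verify_mode = ssl.CERT_REQUIRED        # handshake fails without a valid client cert
    else:
        ctx.verify_mode = ssl.CERT_NONE            # server-authenticated connection only
    return ctx

def first_record(ctx, server_name):
    """Start a handshake in memory (no network) and return the client's first bytes."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    conn = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        conn.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the client is now waiting for the server's reply
    return outgoing.read()

if __name__ == "__main__":
    # "server.example" is a constructed name; nothing is sent on the network.
    record = first_record(client_context(), "server.example")
    print("record type:", record[0], "handshake message type:", record[5])
```
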
For more information about SSL, see HP Open Source
Security for OpenVMS, Volume 2: HP SSL for OpenVMS or
the HP SSL web site at