SSL Provider Service
The main purpose of the Secure Sockets Layer (SSL) protocol is to provide privacy and to secure the connection between two communicating applications. This protocol is two-layered.
At the lower level is the SSL record protocol, which runs on top of a transport protocol (such as TCP). It is used to encapsulate higher-level protocols. The SSL handshake protocol is an example of an encapsulated protocol. It enables the server and the client to identify each other and to agree on the cryptographic algorithm and cryptographic key to be used before the application protocol transmits the first byte of information.
A higher-level protocol can then be laid over the SSL protocol. A secure connection has the following features:
· The connection is private. After an initial handshake that defines a secret key, the communicating parties encrypt the connection. Symmetric cryptography is used for encrypting the data (DES, RC4, and others).
· The identity of the communicating parties can be determined using asymmetric or public key cryptography (RSA, DSS, and others).
· The connection is reliable. The message transfer includes a message integrity check that uses a keyed message authentication code (MAC). Secure hash functions (SHA, MD5, and others) are used to compute the MAC.
One of the best features of the SSL communication protocol is its independence from the application protocol.
Another protocol is Transport Layer Security (TLS), which is based on the SSL 3.0 protocol specification. The architecture and the basic ideas of this protocol are the same as those described above for the SSL communication protocol.
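The two-layer structure described above (the record protocol encapsulating the handshake protocol) can be seen by parsing the bytes on the wire. The following is an added example, not code from the SSL Provider service; the function names and the sample byte stream are constructed for illustration, and it assumes each handshake message fits in one unencrypted record.

```python
import struct

# Record-layer content types and handshake message types (SSL 3.0 / TLS)
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert", 22: "handshake", 23: "application_data"}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate", 16: "client_key_exchange"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}

def parse_records(data):
    """Lower layer: split a byte stream into records (type, version, payload)."""
    records, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated record header")
        ctype, major, minor, length = struct.unpack_from("!BBBH", data, offset)
        payload = data[offset + 5: offset + 5 + length]
        if len(payload) != length:
            raise ValueError("truncated record payload")
        records.append({"type": CONTENT_TYPES.get(ctype, "unknown(%d)" % ctype),
                        "version": VERSIONS.get((major, minor), "%d.%d" % (major, minor)),
                        "payload": payload})
        offset += 5 + length
    return records

def parse_handshake(payload):
    """Upper layer: parse handshake messages carried inside a cleartext handshake record."""
    messages, offset = [], 0
    while offset < len(payload):
        if len(payload) - offset < 4:
            raise ValueError("truncated handshake header")
        mtype = payload[offset]
        length = int.from_bytes(payload[offset + 1: offset + 4], "big")
        body = payload[offset + 4: offset + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        messages.append((HANDSHAKE_TYPES.get(mtype, "unknown(%d)" % mtype), body))
        offset += 4 + length
    return messages

def build_sample():
    """Constructed sample: an SSL 3.0 ClientHello record followed by an alert record."""
    # version, 32-byte random, empty session id, one cipher suite, null compression
    body = bytes([3, 0]) + bytes(32) + b"\x00" + b"\x00\x02\x00\x0a" + b"\x01\x00"
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    hello = b"\x16\x03\x00" + len(handshake).to_bytes(2, "big") + handshake
    return hello + b"\x15\x03\x00\x00\x02\x01\x00"

if __name__ == "__main__":
    for rec in parse_records(build_sample()):
        inner = parse_handshake(rec["payload"]) if rec["type"] == "handshake" else None
        print(rec["type"], rec["version"], len(rec["payload"]), inner and inner[0][0])
```

Once the handshake has established keys, record payloads are encrypted, so only the initial handshake messages can be read this way.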

The SSL Provider service uses the Unlimited Strength Java(TM) Cryptography Extension Policy Files for enabling the transport layer security features and securing network communication.
For more information about these protocols, see the SSL Specification provided by Netscape.
Use the SSL connection when you want to obtain a secure connection between communicating parties.
Since the SSL Provider service uses a strong reference to the Key Storage service, you must start the Key Storage service first.
· The SSL Provider service uses the certificates created using Key Storage service. For more information, see Key Storage Service.
· You can manage the credentials and trusted certificates to use SSL.
· The service provides information about the expiration period of the installed certificates. For more information, see Certificate Expiration Notification.