Overview
Switches use SSLv3, TLSv1.0, TLSv1.1, and TLSv1.2 to provide secure web access.
Switches use SSL/TLS for all secure web transactions, and all references to SSL mean one of these protocols unless otherwise noted.
Switches use RSA public-key algorithms and Diffie-Hellman, and all references to a key mean keys generated using these algorithms unless otherwise noted.
SSL provides all of the standard web functions but, unlike plain web access, SSL provides encrypted, authenticated transactions. The authentication type is server certificate authentication combined with user password authentication.
The certificate key pair is not to be confused with the SSH key. The certificate key and the SSH key are independent of each other.
NOTE: For the 5400zl and 8200zl switches, when the switch is in enhanced secure mode, the SSL server does not allow protocol versions lower than TLS 1.0. For more information, see Secure Mode (3800, 3810, 5400zl, and 8200zl Switches).
Server certificate authentication with user password authentication
This is a subset of full certificate authentication of the user and host, and it is available only when the switch has SSL enabled. As in Switch/user authentication, the switch authenticates itself to the SSL-enabled web browser, creating a secure SSL/TLS connection. Users on the SSL browser then authenticate themselves to the switch - at the operator and manager levels - by providing passwords stored locally on the switch or on a TACACS+ or RADIUS server. However, the client does not use a certificate to authenticate itself to the switch.
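Because the switch only authenticates itself with its server certificate and the client only sends a password, the two things worth checking from the management station are which of the listed protocol versions the switch's HTTPS interface will still negotiate and that the client really verifies that certificate. The following is an added example, not code from the switch documentation; the host, port and CA file path are assumptions.

```python
# Added example, not the switch documentation's code: probe which SSL/TLS versions
# a switch HTTPS interface negotiates, and build a client context that verifies it.
import socket
import ssl

# Protocol versions the documentation lists, oldest first.
VERSIONS = {"SSLv3": ssl.TLSVersion.SSLv3, "TLSv1.0": ssl.TLSVersion.TLSv1,
            "TLSv1.1": ssl.TLSVersion.TLSv1_1, "TLSv1.2": ssl.TLSVersion.TLSv1_2}
WEAK = ("SSLv3", "TLSv1.0", "TLSv1.1")


def probe_context(version):
    """Client context pinned to one version, verification off: it only asks whether
    the server negotiates it. None if local OpenSSL cannot offer it (often SSLv3)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        ctx.minimum_version = ctx.maximum_version = version
    except ValueError:
        return None
    return ctx


def probe_versions(host, port=443, timeout=5.0):
    """Map each version to 'accepted', 'rejected' or 'untestable'. 'rejected' for an
    old version may be the probing host's own OpenSSL policy; confirm before trusting it."""
    results = {}
    for name, version in VERSIONS.items():
        ctx = probe_context(version)
        if ctx is None:
            results[name] = "untestable"
            continue
        try:
            with socket.create_connection((host, port), timeout=timeout) as raw:
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[name] = "accepted" if tls.version() else "rejected"
        except (ssl.SSLError, OSError):
            results[name] = "rejected"
    return results


def findings(results):
    """Versions a hardened switch configuration should not negotiate but did."""
    return [v for v in WEAK if results.get(v) == "accepted"]


def verified_context(cafile=None):
    """Strict context for real management sessions: TLS 1.2 only, server certificate
    required with hostname check, trust anchored on CAFILE (the switch cert's issuer)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.load_verify_locations(cafile) if cafile else ctx.load_default_certs()
    return ctx
```

Run `probe_versions("switch.example.net")` (an assumed hostname) from a management station and feed the result to `findings`; use `verified_context("switch-ca.pem")` for any scripted session so the switch's certificate is actually checked before the password is sent.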