Secure Sockets Layer (SSL) is the open standard security protocol for the secure transfer of sensitive information over the Internet. SSL provides three things: privacy through encryption, server authentication, and message integrity. Client authentication is available as an optional function.
Starting with Version 7.3-1, HP provides SSL as part of the OpenVMS Alpha operating system. HP SSL is compatible with OpenVMS Alpha Version 7.2-2 and higher, and OpenVMS VAX Version 7.3 and higher.
Protecting communication links to OpenVMS applications over a TCP/IP connection can be accomplished through the use of SSL. The OpenSSL APIs establish private, authenticated and reliable communications links between applications.
The SSL protocol works cooperatively on top of several other protocols. SSL works at the application level. The underlying mechanism is TCP/IP (Transmission Control Protocol/Internet Protocol), which governs the transport and routing of data over the Internet. Application protocols, such as HTTP (HyperText Transport Protocol), LDAP (Lightweight Directory Access Protocol), and IMAP (Internet Messaging Access Protocol), run on top of TCP/IP. They use TCP/IP to support typical application tasks, such as displaying web pages or running email servers.
SSL addresses three fundamental security concerns about communication over the Internet and other TCP/IP networks:
SSL server authentication -- Allows a user to confirm a server's identity. SSL-enabled client software can use standard techniques of public-key cryptography to check whether a server's certificate and public ID are valid and have been issued by a Certificate Authority (CA) listed in the client's list of trusted CAs. Server authentication is used, for example, when a PC user is sending a credit card number to make a purchase on the web and wants to check the receiving server's identity.
SSL client authentication -- Allows a server to confirm a user's identity. Using the same techniques as those used for server authentication, SSL-enabled server software can check whether a client's certificate and public ID are valid and have been issued by a Certificate Authority (CA) listed in the server's list of trusted CAs. Client authentication is used, for example, when a bank is sending confidential financial information to a customer and wants to check the recipient's identity.
An encrypted SSL connection -- Requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, thereby providing a high degree of confidentiality. Confidentiality is important for both parties to any private transaction. In addition, all data sent over an encrypted SSL connection is protected with a mechanism that automatically detects whether data has been altered in transit.
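The server and client authentication settings described above, shown as an added example that is not part of the HP documentation. It uses Python's ssl module (a wrapper around OpenSSL) rather than the HP SSL C APIs; the function names and the CA file parameters are assumptions made for illustration.

```python
import ssl

def client_context(ca_file=None):
    """Client side: server authentication is always enforced."""
    # PROTOCOL_TLS_CLIENT enables CERT_REQUIRED and hostname checking.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ca_file:  # hypothetical path to the client's list of trusted CAs
        ctx.load_verify_locations(cafile=ca_file)
    else:
        ctx.load_default_certs()  # the platform's trusted CA store
    return ctx

def server_context(require_client_cert=False, client_ca_file=None):
    """Server side: client authentication is the optional function."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if require_client_cert:
        ctx.verify_mode = ssl.CERT_REQUIRED
        if client_ca_file:  # hypothetical path to the CAs trusted for clients
            ctx.load_verify_locations(cafile=client_ca_file)
    # A real server also calls ctx.load_cert_chain(certfile, keyfile) here.
    return ctx

def weak_client_context():
    """Constructed misconfiguration: encryption without server authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before verify_mode
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx, role, expect_client_auth=False):
    """Return the authentication guarantees a context fails to provide."""
    findings = []
    if role == "client":
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            findings.append("server certificate is not verified")
        if not ctx.check_hostname:
            findings.append("server identity (hostname) is not checked")
    elif expect_client_auth and ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("client certificate is not required")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("legacy protocol versions are allowed")
    return findings

if __name__ == "__main__":
    print(audit(client_context(), "client"))
    print(audit(weak_client_context(), "client"))
    print(audit(server_context(), "server", expect_client_auth=True))
```

A connection made with the weak client context is still encrypted, but the client has no assurance of which server holds the other end, which is the gap server authentication closes.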
For more information about SSL, see HP Open Source Security for OpenVMS, Volume 2: HP SSL for OpenVMS or the HP SSL web site at