IBM 10 SP1 EAL4 Server User Manual


 
For the list of Cipher suites supported, see FCS_COP.1(2) in the Security Target.
5. SSL change cipher spec protocol: The SSL change cipher spec protocol signals transitions in the
security parameters. The protocol consists of a single message, which is encrypted with the current
security parameters. Using the change cipher spec message, security parameters can be changed by
either the client or the server. The receiver of the change cipher spec message informs the SSL record
protocol of the updates to security parameters.
6. SSL alert protocol: The SSL alert protocol communicates SSL-specific errors, such as errors
encountered during handshake or message verification, to the appropriate peer.
7. SSL record protocol: The SSL record protocol takes messages to be transmitted, fragments them into
manageable blocks, and optionally compresses them. Then, using all the negotiated security
parameters, it applies a message authentication code (MAC), encrypts the data, and transmits the result
to the transport layer (TCP). On the receiving side, the data is decrypted, verified, decompressed, and
reassembled. It is then delivered to a higher layer.
The SSL record protocol provides confidentiality by encrypting the message with the shared secret
key negotiated by the handshake protocol. The SSL record protocol provides message integrity by
attaching a MAC to the message. The MAC is created with another shared secret key negotiated by
the handshake protocol.
Figure 5-92 [STALLS] depicts the operation of the SSL record protocol.
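The record-protocol pipeline described above, as an added Python example that is not part of the original manual and is not OpenSSL code. The function names, the 8-byte implicit sequence number, HMAC-SHA256 as the MAC, and the SHA-256 counter keystream standing in for the negotiated cipher are all assumptions made so the sketch runs with the standard library only.

```python
import hashlib
import hmac
import zlib

MAX_FRAGMENT = 2 ** 14  # largest plaintext fragment in an SSL/TLS record
MAC_LEN = 32            # HMAC-SHA256 output size (stand-in MAC, an assumption)


def _xor_stream(key, seq, data):
    """Stand-in cipher: SHA-256 counter keystream. Illustration only."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        block = key + seq.to_bytes(8, "big") + counter.to_bytes(4, "big")
        stream += hashlib.sha256(block).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def _mac(mac_key, seq, chunk):
    # The implicit sequence number binds each record to its position.
    header = seq.to_bytes(8, "big") + len(chunk).to_bytes(2, "big")
    return hmac.new(mac_key, header + chunk, hashlib.sha256).digest()


def seal(message, enc_key, mac_key, compress=False, frag=MAX_FRAGMENT):
    """Sender: fragment, optionally compress, MAC, then encrypt."""
    records = []
    for seq, off in enumerate(range(0, len(message), frag)):
        chunk = message[off:off + frag]
        if compress:
            chunk = zlib.compress(chunk)
        records.append(_xor_stream(enc_key, seq, chunk + _mac(mac_key, seq, chunk)))
    return records


def open_records(records, enc_key, mac_key, compress=False):
    """Receiver: decrypt, verify the MAC, decompress, reassemble."""
    out = bytearray()
    for seq, record in enumerate(records):
        plain = _xor_stream(enc_key, seq, record)
        if len(plain) < MAC_LEN:
            raise ValueError(f"record {seq} is shorter than a MAC")
        chunk, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
        if not hmac.compare_digest(tag, _mac(mac_key, seq, chunk)):
            raise ValueError(f"bad record MAC at sequence {seq}")
        out += zlib.decompress(chunk) if compress else chunk
    return bytes(out)
```

The encryption key and the MAC key are passed separately, matching the two distinct shared secrets the handshake negotiates; a modified, truncated, or reordered record fails MAC verification before any decompression takes place.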
5.12.1.3 OpenSSL algorithms
This section briefly describes various encryption and hash algorithms supported by OpenSSL on the TOE.
5.12.1.4 Symmetric ciphers
OpenSSL on the TOE supports the following symmetric key encryption algorithms. For a detailed
description of each of these algorithms, refer to their man pages.
Figure 5-92: SSL protocol action