5.3.6 Encrypting and Decrypting the I/O Data Stream
If the Encryption Level (section 5.4.1) of the server is greater than zero, then encryption will always be in effect. At a minimum, all client-to-server traffic (except for licensing PDUs, for which encryption is optional) will be encrypted, and a MAC will be appended to the data to ensure transmission integrity.
The table which follows summarizes the possible encryption and MAC generation scenarios based on the Encryption Method and Encryption Level selected by the server (the Encryption Method values are described in section 2.2.1.4.3, while the Encryption Levels are described in 5.4.1) as part of the cryptographic negotiation described in section 5.3.2:
| Selected Encryption Level | Selected Encryption Method | Data Encryption | MAC Generation |
|---|---|---|---|
| None (0) | None (0x00) | None | None |
| Low (1) | 40-Bit (0x01), 56-Bit (0x08), 128-Bit (0x02) | Client-to-server traffic only using RC4 | Client-to-server traffic only using MD5 and SHA-1 |
| Client Compatible (2) | 40-Bit (0x01), 56-Bit (0x08), 128-Bit (0x02) | Client-to-server and server-to-client traffic using RC4 | Client-to-server and server-to-client traffic using MD5 and SHA-1 |
| High (3) | 128-Bit (0x02) | Client-to-server and server-to-client traffic using RC4 | Client-to-server and server-to-client traffic using MD5 and SHA-1 |
| FIPS (4) | FIPS (0x10) | Client-to-server and server-to-client traffic using Triple DES | Client-to-server and server-to-client traffic using SHA-1 |
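The following is an added illustration, not code from the specification, of what "RC4 encryption with an MD5 and SHA-1 MAC" in the non-FIPS rows of the table amounts to on the wire: the sender computes an 8-byte MAC over the plaintext PDU data, encrypts the data with RC4, and the receiver decrypts and then checks the MAC before trusting the bytes. The MAC construction (SHA-1 over key, a 0x36 pad, the little-endian data length and the data, then MD5 over key, a 0x5C pad and the SHA-1 digest, truncated to 64 bits) is taken from section 5.3.6.1 of the same specification, which this page does not reproduce, so treat it as an assumption here. Two further simplifications are deliberate: the real protocol keeps one running RC4 stream per direction across PDUs (re-keyed on a packet-count schedule) rather than re-initialising per message as done here, and the key material below is constructed for the example rather than derived from the negotiation in section 5.3.2. The `protect`/`unprotect` helper names are this example's own.

```python
import hashlib
import hmac
import struct
from typing import Optional

# Assumption: pad constants and the SHA-1/MD5 layering follow the non-FIPS MAC
# description in MS-RDPBCGR section 5.3.6.1 (not reproduced on this page).
PAD1 = b"\x36" * 40
PAD2 = b"\x5c" * 48
MAC_LEN = 8  # the security header carries a 64-bit signature


def rc4_xor(key: bytes, data: bytes) -> bytes:
    """Plain RC4 keystream XOR (KSA + PRGA). Encrypting and decrypting are the
    same operation. Real RDP keeps this state across PDUs; here it restarts."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for byte in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def standard_mac(mac_key: bytes, data: bytes) -> bytes:
    """8-byte non-FIPS MAC: MD5 layered over SHA-1 with fixed pads.
    The length field is the 4-byte little-endian length of the plaintext."""
    length = struct.pack("<I", len(data))
    sha = hashlib.sha1(mac_key + PAD1 + length + data).digest()
    md5 = hashlib.md5(mac_key + PAD2 + sha).digest()
    return md5[:MAC_LEN]


def protect(mac_key: bytes, rc4_key: bytes, plaintext: bytes) -> bytes:
    """Sender side: MAC over the plaintext, then RC4-encrypt the plaintext.
    Returns signature || ciphertext (signature placement is this example's)."""
    return standard_mac(mac_key, plaintext) + rc4_xor(rc4_key, plaintext)


def unprotect(mac_key: bytes, rc4_key: bytes, message: bytes) -> Optional[bytes]:
    """Receiver side: decrypt, recompute the MAC over the recovered plaintext
    and compare in constant time. Returns None if the MAC does not match,
    which is how a flipped ciphertext bit is detected."""
    if len(message) < MAC_LEN:
        return None
    signature, ciphertext = message[:MAC_LEN], message[MAC_LEN:]
    plaintext = rc4_xor(rc4_key, ciphertext)
    if not hmac.compare_digest(signature, standard_mac(mac_key, plaintext)):
        return None
    return plaintext


# Constructed sample keys (128-bit method, so the full 16-byte MAC key is used).
SAMPLE_MAC_KEY = bytes(range(16))
SAMPLE_RC4_KEY = bytes(range(16, 32))


def demo() -> bool:
    """Round-trips a constructed PDU and shows a one-bit tamper being rejected."""
    pdu = b"constructed client-to-server PDU payload"
    wire = protect(SAMPLE_MAC_KEY, SAMPLE_RC4_KEY, pdu)
    ok = unprotect(SAMPLE_MAC_KEY, SAMPLE_RC4_KEY, wire) == pdu
    tampered = wire[:MAC_LEN] + bytes([wire[MAC_LEN] ^ 0x01]) + wire[MAC_LEN + 1:]
    rejected = unprotect(SAMPLE_MAC_KEY, SAMPLE_RC4_KEY, tampered) is None
    return ok and rejected


if __name__ == "__main__":
    print("round trip and tamper detection:", demo())
```

Note what the Low (1) row means for this code path: only the client-to-server direction gets `protect` applied, so server-to-client PDUs travel without either the RC4 layer or the signature, which is the practical reason Client Compatible or higher is the level a defender wants to see negotiated when Standard RDP Security is in use at all.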