Decoding SSL Communications

Note: SSL decoding is available in CA DLP Network r12.5 if you have deployed patch RO26711, CA DLP Network Support for SSL Decoding. This patch is available on the CA DLP Solutions & Patches page of CA Support Online: support.ca.com. See Installing the NBA Software for installation instructions.

This section contains the following topics:

What is SSL?

How Does the NBA Decode SSL Traffic?

Hardware Acceleration

What Does the User See?

Setting Up SSL Decode

What is SSL?

The Secure Sockets Layer protocol (SSL) is used to ensure that a network transaction (such as a web request) is serviced by the intended network host (such as a web site). It also prevents transmitted data from being read by a third party that intercepts it. It does this by encrypting the traffic using public/private key encryption. The public key is obtained from a certificate, which is itself validated against a trusted certificate authority.

The client holds a well-known public certificate of an organization it trusts (the certificate authority). The client then requests the certificate of the website it needs to connect to. If the website certificate is correctly signed by a trusted certificate authority, the client proceeds with the connection and negotiates the encrypted communications channel.

Typical SSL applications include online purchasing (via a browser) and webmail (many providers are moving to SSL). An increasing number of web sites and applications (such as instant messaging) are starting to use SSL. In particular, the widespread use of social networking sites is a major cause for concern regarding data loss. The ability to analyze data transmitted over these networks is becoming increasingly important.

Certificates

A certificate is a small file containing data about a website or network host. The certificate is signed to prevent falsification and contains a chain of responsibility (certification path) that allows a browser or network client to verify the certificate even if the browser or client only has local access to the top-level (or root) certificate in the chain.

Web browsers provide the ability to view the certificate of a website and ensure it is valid. Browsers ship with, and regularly update, a set of Certificate Authority certificates to ensure that verification can be performed.
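The client-side check described above (a client that holds only the root certificate, chaining the website's certificate up to it through the certification path) is shown here as an added example using Go's standard crypto/x509 package; it is not CA DLP code. The root CA, issuing CA, host name mail.example.com and the untrusted CA are all constructed for the demonstration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue makes a certificate for name: self-signed (a root CA) when parent is nil, otherwise signed by parentKey.
func issue(name string, isCA bool, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand does not fail here
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true, IsCA: isCA} // IsCA is true for the root and the issuing CA, false for the host
	if !isCA {
		tmpl.DNSNames = []string{name} // the host name the client compares against the site it is connecting to
	}
	if parent == nil {
		parent, parentKey = tmpl, key // a root signs itself
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der) // DER produced by CreateCertificate above, so it parses
	return cert, key
}

// Demo plays out the client-side check: the client trusts only the root, the server presents its own certificate plus the issuing CA's, and the client must chain one to the other.
func Demo() (validChain, untrustedIssuer error) {
	root, rootKey := issue("Example Root CA", true, nil, nil)
	inter, interKey := issue("Example Issuing CA", true, root, rootKey)
	leaf, _ := issue("mail.example.com", false, inter, interKey)
	rogue, rogueKey := issue("Untrusted CA", true, nil, nil)
	bad, _ := issue("mail.example.com", false, rogue, rogueKey) // same host name, but signed by a CA the client lacks
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool(), DNSName: "mail.example.com"}
	opts.Roots.AddCert(root)          // the client's local trust store: the root certificate only
	opts.Intermediates.AddCert(inter) // sent by the server together with its own certificate
	_, validChain = leaf.Verify(opts)
	_, untrustedIssuer = bad.Verify(opts)
	return
}

func main() {
	fmt.Println(Demo()) // <nil> for the trusted chain, then an "unknown authority" error for the other
}
```

The second certificate carries the right host name and a valid signature, yet is rejected because its issuer is not in the client's trust store; that is the check that stops an impostor site from passing as the intended host.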