SSL server modes
SSL server modes are:
- ServerAnon
- Server
- ServerAuth
ServerAnon
This is the anonymous mode. It provides encryption only, using ephemeral Diffie-Hellman, which applies a spontaneously generated public key to each message.
No certificates are required, as the keys are generated dynamically when the connection is established.
It provides no non-repudiation and no authentication.
Server
This is the non-repudiation mode and is the standard mode for servers. The server does not authenticate the client at the other end of the connection, but may itself be authenticated by the client.
It provides encryption and non-repudiation, but not authentication.
It requires a private key and certificate. You specify the location of these files in the security dialog box.
- The private key is used to encrypt the data.
- The certificate is sent to the other party during handshaking.
- The other party uses the certificate to decrypt any data you send. This provides non-repudiation, because the encrypted data could only have been generated with this private key.
ServerAuth
This is the authentication mode. Messages are encrypted using a private key and certificate. The server obtains a certificate from the client at the other end and validates that certificate against a CA file to authenticate the client. The server may also be authenticated by the client.
It provides encryption, non-repudiation, and authentication.
It requires a private key, a certificate, and a CA certificate.
The CA certificate should be obtained from a trusted third party.
- The private key is used to encrypt the data.
- The certificate is signed by both yourself and the CA.
- The certificate is sent to the other party during handshaking.
- The other party verifies that your certificate is signed by a trusted CA.
- The other party uses your certificate to decrypt the data.
- The other party trusts that you are who you say you are, because your certificate has been signed by the CA and you both trust the CA. Optionally, one of you can act as the CA, provided you agree to trust each other.
The CA file is the path to the CA certificate, which is used to authenticate the other party's certificate.
The CA path is the directory where this and other CA files are located.
The server modes closely resemble the client modes. The modes are also symmetrical across the connection; that is, the client mode selected at one end of the connection must be matched by the server mode selected at the other end.
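As an added, runnable illustration of the Server and ServerAuth modes described above (example code written for this page, not code from the product it documents), the following Go program maps each mode name onto crypto/tls settings and then runs a real handshake over loopback TCP under four conditions. Instead of reading the key, certificate and CA files the security dialog box points at, it generates a throwaway CA, a server certificate and two client certificates in memory; the names trusted-ca, other-ca, server.example and client.example, the mode strings and the scenario labels are assumptions made for this example. Go's crypto/tls has no anonymous cipher suites, so ServerAnon is not shown. The ClientCAs pool plays the part of the CA file, and the client side shows the symmetry the last paragraph mentions: when the server is in ServerAuth mode, the client must present a certificate issued by a CA the server trusts.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// mustCert issues a certificate for name entirely in memory (hypothetical helper for this
// example). With parent == nil it is a self-signed CA; otherwise it is a leaf signed by
// parent, which is what "signed by the CA" means in the text. It panics on failure.
func mustCert(name string, parent *tls.Certificate) *tls.Certificate {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(time.Now().UnixNano()),
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name},
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: true,
		IsCA:                  parent == nil,
	}
	signerCert, signerKey := tmpl, interface{}(key) // self-signed unless a parent is given
	if parent != nil {
		signerCert, signerKey = parent.Leaf, parent.PrivateKey
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signerCert, &key.PublicKey, signerKey)
	if err != nil {
		panic(err)
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return &tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}
}

// serverConfig maps the two certificate-based server modes onto crypto/tls settings;
// trusted stands in for the CA file / CA path of the text.
func serverConfig(mode string, server *tls.Certificate, trusted *x509.CertPool) *tls.Config {
	cfg := &tls.Config{Certificates: []tls.Certificate{*server}, MinVersion: tls.VersionTLS12}
	switch mode {
	case "Server": // present our certificate, never ask the client for one
		cfg.ClientAuth = tls.NoClientCert
	case "ServerAuth": // additionally require a client certificate that chains to trusted
		cfg.ClientAuth = tls.RequireAndVerifyClientCert
		cfg.ClientCAs = trusted
	default:
		panic("unknown server mode " + mode)
	}
	return cfg
}

// handshake runs one connection over loopback TCP and returns the first error seen on
// either side. The client reads a record on purpose: in TLS 1.3 a server's rejection of
// the client certificate arrives as an alert after the client's own handshake completed.
func handshake(srv, cli *tls.Config) error {
	ln, err := tls.Listen("tcp", "127.0.0.1:0", srv)
	if err != nil {
		return err
	}
	defer ln.Close()
	errc := make(chan error, 1)
	go func() {
		s, err := ln.Accept()
		if err == nil {
			_, err = s.Write([]byte("ok")) // Write runs the server-side handshake first
			s.Close()
		}
		errc <- err
	}()
	c, err := tls.Dial("tcp", ln.Addr().String(), cli)
	if err == nil {
		_, err = c.Read(make([]byte, 2))
		c.Close()
	}
	if serr := <-errc; err == nil {
		return serr
	}
	return err
}

// runScenarios reports, per scenario, whether the server accepted the connection.
func runScenarios() map[string]bool {
	ca, otherCA := mustCert("trusted-ca", nil), mustCert("other-ca", nil)
	server, client := mustCert("server.example", ca), mustCert("client.example", ca)
	rogue := mustCert("client.example", otherCA) // same name, issued by a CA the server does not trust
	trusted := x509.NewCertPool()
	trusted.AddCert(ca.Leaf)
	try := func(mode string, clientCert *tls.Certificate) bool {
		// The client always checks the server's certificate against the same trusted CA.
		cli := &tls.Config{RootCAs: trusted, ServerName: "server.example", MinVersion: tls.VersionTLS12}
		if clientCert != nil {
			cli.Certificates = []tls.Certificate{*clientCert}
		}
		return handshake(serverConfig(mode, server, trusted), cli) == nil
	}
	return map[string]bool{
		"Server, no client certificate":                  try("Server", nil),
		"ServerAuth, no client certificate":              try("ServerAuth", nil),
		"ServerAuth, client certificate from trusted CA": try("ServerAuth", client),
		"ServerAuth, client certificate from other CA":   try("ServerAuth", rogue),
	}
}

func main() {
	for name, accepted := range runScenarios() {
		fmt.Printf("%-48s accepted=%v\n", name, accepted)
	}
}
```

Running it shows the distinction the text draws: in Server mode the connection is accepted without any client certificate, while in ServerAuth mode it is accepted only when the client presents the certificate issued by trusted-ca; a missing certificate or one from other-ca is rejected. Note that the Go client, seeing the CA names the server announces, does not even offer the other-ca certificate, so that case fails before the server gets to validate it, which is still the outcome the ServerAuth mode requires.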