By supporting the use of SSL certificates and keys, Silver Peak provides deduplication for Secure Socket Layer (SSL) encrypted WAN traffic
n Silver Peak decrypts SSL data using the configured certificates and keys, optimizes the data, and transmits data over an IPSec tunnel. The peer Silver Peak appliance uses configured SSL certificates to re-encrypt data before transmitting.
• X509 Privacy Enhanced Mail (PEM), Personal Information Exchange (PFX), and RSA key 1024-bit and 2048-bit certificate formats.
• SAN (Subject Alternative Name) certificates. SAN certificates enable sharing of a single certificate across multiple servers and services.
• Protocol versions: SSLv3, SSLv3.3, TLS1.0, TLS1.1, TLS1.2
• Key exchanges: RSA, DHE, ECDHE
• Authentication: RSA
• Cipher algorithms: RC4, 3DES, AES128, AES256, AES128-GCM, AES256-GCM
• Message Digests: MD5, SHA, SHA256, SHA284
• Configure the tunnels bilaterally for IPSec mode.
To do so, access the Tunnels template and for Mode, select ipsec.
• Verify that TCP acceleration and SSL acceleration are enabled.
To do so, access the Configuration > Optimization Policies page, and review the Set Actions.
n If you choose to be able to decrypt the flow, optimize it, and send it in the clear between appliances, then access the System template and select SSL optimization for non-IPsec tunnels.
Please send comments or suggestions regarding user documentation to techpubs@silver-peak.com. |