|Applies To||ClearTrust 5.5.x|
RSA Access Manager 6.x
|Issue||What level of encryption does ClearTrust use when specifying ANON mode?|
|Cause||When configuring RSA Access Manager components, it is possible to select an encryption type for communication; the options are usually CLEAR, ANON and AUTH.|
The default mode for RSA Access Manager (ClearTrust) is "Anonymous SSL".
In this mode, all data exchanged between Access Manager components is encrypted using Secure Sockets Layer (SSL) encryption technology. Before transmission over the network, the data is encrypted using anonymous SSL. Although the data is encrypted in this mode, neither the client nor the server is required to present a certificate to authenticate itself.
Anonymous SSL can be used by all interfaces between Access Manager components to secure connections. It uses Diffie-Hellman (D-H) key exchange rather than RSA public/private key exchange, which is why it does not make any use of certificates. Because neither side proves its identity, anonymous SSL protects against eavesdropping but cannot detect a party that interposes itself in the connection. Where a man-in-the-middle attack is possible, the stronger level of SSL (AUTH) should be used; it uses RSA public/private key technology and requires the creation of keys and certificates.
The particular SSL modes may vary from one component to another, but in all cases RSA Access Manager uses 128-bit encryption for messages sent across the network.
For full details on configuring RSA Access Manager, see the appropriate documentation. Copies are available on RSA SecurCare online:
RSA ClearTrust 5.5.3 Servers Installation and Configuration Guide
RSA Access Manager 6.0 Servers Installation and Configuration Guide
|Legacy Article ID||a34254|
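
The distinction drawn above between anonymous D-H and certificate-based RSA key exchange is visible in standard cipher suite names, so a list of enabled suites can be checked for it. The following is an added example, not code from RSA or from the product documentation: the function names are hypothetical, the suite list is constructed, and the article does not say which suites Access Manager negotiates in each mode.

```python
import re

# Names follow the IANA/JSSE pattern <TLS|SSL>_<key exchange>_WITH_<cipher>_<MAC>.
SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?P<kx>.+?)_WITH_(?P<cipher>.+)_(?P<mac>[A-Z0-9]+)$")

# Ciphers whose key size is not spelled out as a separate _NNN_ token.
FIXED_BITS = {"NULL": 0, "DES40_CBC": 40, "DES_CBC": 56, "3DES_EDE_CBC": 168}

def cipher_bits(cipher):
    """Nominal key size in bits for the cipher part of a suite name."""
    if cipher in FIXED_BITS:
        return FIXED_BITS[cipher]
    m = re.search(r"(?:^|_)(\d{2,3})(?:_|$)", cipher)
    if m is None:
        raise ValueError("unknown cipher: " + cipher)
    return int(m.group(1))

def classify_suite(name):
    """Return (key_exchange, peer_authenticated, cipher_bits)."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError("unrecognised suite name: " + name)
    kx = m.group("kx")
    # "anon" in the key exchange means no certificate is presented, and
    # NULL means no key exchange at all: neither authenticates the peer.
    authenticated = kx != "NULL" and "anon" not in kx.split("_")
    return kx, authenticated, cipher_bits(m.group("cipher"))

def audit(suites, min_bits=128):
    """List (suite, problem) pairs for anonymous or sub-min_bits suites."""
    findings = []
    for name in suites:
        _kx, authenticated, bits = classify_suite(name)
        if not authenticated:
            findings.append((name, "anonymous key exchange, peer not authenticated"))
        if bits < min_bits:
            findings.append((name, "cipher is %d-bit, below %d" % (bits, min_bits)))
    return findings

# Constructed sample list, not taken from an Access Manager installation.
SAMPLE = [
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "SSL_DH_anon_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_EXPORT_WITH_RC4_40_MD5",
]

if __name__ == "__main__":
    for suite, problem in audit(SAMPLE):
        print(suite + ": " + problem)
```

The parser covers suite names that contain `_WITH_` (SSL 3.0 through TLS 1.2 naming); the 128-bit default for `min_bits` matches the encryption strength stated in the article.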