Transport Layer Security
Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), is a security protocol used for communication between a client and a server. It establishes an encrypted channel to protect the data exchanged.
By default, EOS uses a self-signed certificate for client and server connections. However, some browsers or TLS libraries may refuse connections that present the default self-signed EOS certificate; in such cases it is recommended to install TLS server certificates that meet the following criteria:
RSA key sizes must be 2048 bits or greater.
The certificate must have fewer than 825 days remaining until expiry.
The certificate must be signed using a SHA-2 family hash function.
Note: Although Arista switches use TLS, the terms TLS and SSL are used interchangeably in this document.
TLS uses the following two main components to authenticate identity before any communication starts:
Certificate
Key
An SSL certificate is required to establish a secure connection between the client and server. The certificate includes all of the details necessary for authentication. Cryptographic keys provide the secure channel of communication. TLS uses two cryptographic keys: a private key known only to the server and a public key embedded in the certificate. Together, these keys are used to validate the certificate.
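The certificate criteria listed above (RSA key of at least 2048 bits, fewer than 825 days to expiry, SHA-2 signature) and the certificate/key pairing described in this section can be checked before a certificate is installed. The following Go program is an added example written for this page; it is not EOS code or an Arista tool. It generates a constructed self-signed certificate and key pair (the same two components the text describes), parses the PEM form an operator would hold in a file, and reports every criterion the certificate fails. The "already expired" check and the hostname switch.example.invalid are assumptions added for illustration and are not taken from the page.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

const (
	minRSABits      = 2048 // criterion from the page: RSA key >= 2048 bits
	maxDaysToExpiry = 825  // criterion from the page: fewer than 825 days to expiry
)

// sha2Algorithms lists the signature algorithms whose hash is in the SHA-2 family.
var sha2Algorithms = map[x509.SignatureAlgorithm]bool{
	x509.SHA256WithRSA: true, x509.SHA384WithRSA: true, x509.SHA512WithRSA: true,
	x509.SHA256WithRSAPSS: true, x509.SHA384WithRSAPSS: true, x509.SHA512WithRSAPSS: true,
	x509.ECDSAWithSHA256: true, x509.ECDSAWithSHA384: true, x509.ECDSAWithSHA512: true,
}

// CheckCertificate returns one message per violated criterion.
// An empty slice means the certificate meets all of them at time `now`.
func CheckCertificate(cert *x509.Certificate, now time.Time) []string {
	var problems []string
	if rsaPub, ok := cert.PublicKey.(*rsa.PublicKey); ok {
		if bits := rsaPub.N.BitLen(); bits < minRSABits {
			problems = append(problems, fmt.Sprintf("RSA key is %d bits; need at least %d", bits, minRSABits))
		}
	}
	daysLeft := cert.NotAfter.Sub(now).Hours() / 24
	if daysLeft <= 0 {
		// Added sanity check (assumption, not one of the page's criteria).
		problems = append(problems, "certificate has already expired")
	} else if daysLeft >= maxDaysToExpiry {
		problems = append(problems, fmt.Sprintf("%.0f days to expiry; must be fewer than %d", daysLeft, maxDaysToExpiry))
	}
	if !sha2Algorithms[cert.SignatureAlgorithm] {
		problems = append(problems, fmt.Sprintf("signature algorithm %s is not in the SHA-2 family", cert.SignatureAlgorithm))
	}
	return problems
}

// ParsePEM decodes a PEM-encoded certificate, as read from a file on disk.
func ParsePEM(pemBytes []byte) (*x509.Certificate, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, fmt.Errorf("no CERTIFICATE block found")
	}
	return x509.ParseCertificate(block.Bytes)
}

// SelfSignedPEM builds a constructed self-signed certificate: a private key
// kept by the server and a certificate carrying the matching public key.
func SelfSignedPEM(bits, validDays int, alg x509.SignatureAlgorithm) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:       big.NewInt(1),
		Subject:            pkix.Name{CommonName: "switch.example.invalid"}, // constructed name
		NotBefore:          time.Now().Add(-time.Hour),
		NotAfter:           time.Now().Add(time.Duration(validDays) * 24 * time.Hour),
		SignatureAlgorithm: alg,
		KeyUsage:           x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment,
		ExtKeyUsage:        []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}

func main() {
	cases := []struct {
		name       string
		bits, days int
	}{{"good", 2048, 397}, {"weak-key", 1024, 397}, {"too-long", 2048, 1000}}
	for _, c := range cases {
		pemBytes, err := SelfSignedPEM(c.bits, c.days, x509.SHA256WithRSA)
		if err != nil {
			fmt.Println(c.name, "generate error:", err)
			continue
		}
		cert, err := ParsePEM(pemBytes)
		if err != nil {
			fmt.Println(c.name, "parse error:", err)
			continue
		}
		fmt.Printf("%-9s problems: %v\n", c.name, CheckCertificate(cert, time.Now()))
	}
}
```

To check a real certificate file, read it with os.ReadFile and pass the bytes to ParsePEM instead of SelfSignedPEM; CheckCertificate only looks at the parsed certificate, so the same logic applies. The expiry test compares NotAfter against the current time, matching the page's wording of "days to expiry" rather than total validity period.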
This chapter contains the following sections.