 

TLS_RSA_WITH_AES_128_CBC_SHA and SSL_RSA_WITH_AES_128_CBC_SHA

Is there any difference between these cipher suites? They look the same; however, the first three letters are different.

I am referring to TLS_RSA_WITH_AES_128_CBC_SHA and SSL_RSA_WITH_AES_128_CBC_SHA.

cateof asked Jun 19 '14 12:06



1 Answer

IANA maintains a registry of TLS cipher suites at TLS Parameters. In SSL/TLS, cipher suites are specified by 2 octets.

TLS_RSA_WITH_AES_128_CBC_SHA uses 0x00,0x2F and it's specified in RFC 3268, AES Ciphersuites for TLS. It supplemented the cipher suites from the original The TLS Protocol Version 1.0 of RFC 2246. RFC 5246, The Transport Layer Security (TLS) Protocol Version 1.2 included it out of the box.

There is no SSL_RSA_WITH_AES_128_CBC_SHA per IANA. It's not listed in the draft The SSL Protocol Version 3.0. And it's not listed in RFC 6101, The Secure Sockets Layer (SSL) Protocol Version 3.0 either. I suspect it's a synonym or alias used by some libraries after RFC 3268.

Related: SSL protocols are not under IETF control. See, for example, RFC 5746, Section 4.5:

While SSLv3 is not a protocol under IETF change control (see [SSLv3]), it was the original basis for TLS and most TLS implementations also support SSLv3.

OpenSSL does provide TLS_RSA_WITH_AES_128_CBC_SHA - it's called AES128-SHA in the cipher suite list. OpenSSL does not provide SSL_RSA_WITH_AES_128_CBC_SHA. See the ciphers(1) documentation.

Below, both a TLSv1 and an SSLv3 connection are made with AES128-SHA.

$ openssl s_client -tls1 -connect google.com:443 -cipher "AES128-SHA"
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
...
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES128-SHA
...

And

$ openssl s_client -ssl3 -connect google.com:443 -cipher "AES128-SHA"
CONNECTED(00000003)
depth=2 C = US, O = GeoTrust Inc., CN = GeoTrust Global CA
verify error:num=20:unable to get local issuer certificate
verify return:0
---
Certificate chain
 0 s:/C=US/ST=California/L=Mountain View/O=Google Inc/CN=*.google.com
   i:/C=US/O=Google Inc/CN=Google Internet Authority G2
 1 s:/C=US/O=Google Inc/CN=Google Internet Authority G2
   i:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
 2 s:/C=US/O=GeoTrust Inc./CN=GeoTrust Global CA
   i:/C=US/O=Equifax/OU=Equifax Secure Certificate Authority
...
SSL-Session:
    Protocol  : SSLv3
    Cipher    : AES128-SHA
...

My guess is SSL_RSA_WITH_AES_128_CBC_SHA was added to SSLv3 around the time RFC 3268 was published. But I can't find a document covering it.

In either case, the primitives are the same: RSA key transport, AES block cipher, CBC mode, SHA HMAC, etc. The only difference is the protocol (SSLv3 vs. TLS 1.0 and friends).

jww answered Sep 21 '22 12:09
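
The answer's two points (a cipher suite is a 2-octet value, and the same value is offered under SSLv3 and TLS 1.0) shown at the wire level, as an added example that is not part of the original answer. It builds a constructed ClientHello for each protocol version and parses the cipher_suites vector back out; the function names, the all-zero random and the treatment of `SSL_` as an alias of `TLS_` are assumptions made for illustration.

```python
import struct

# Excerpt of the IANA TLS Cipher Suites registry: 2-octet code point -> name.
IANA_SUITES = {
    (0x00, 0x2F): "TLS_RSA_WITH_AES_128_CBC_SHA",
    (0x00, 0x35): "TLS_RSA_WITH_AES_256_CBC_SHA",
}
NAME_TO_POINT = {name: point for point, name in IANA_SUITES.items()}
VERSIONS = {0x0300: "SSLv3", 0x0301: "TLSv1"}


def code_point(name):
    """Resolve a suite name to its code point. Treating SSL_ as an alias of
    TLS_ is an assumption that follows the answer's suspicion."""
    if name.startswith("SSL_"):
        name = "TLS_" + name[4:]
    return NAME_TO_POINT[name]


def build_client_hello(version, suites):
    """Constructed sample: minimal ClientHello record, zero random, no extensions."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00"  # version, random, empty session_id
    body += struct.pack("!H", 2 * len(suites)) + b"".join(bytes(s) for s in suites)
    body += b"\x01\x00"  # one compression method: null
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


def parse_client_hello(record):
    """Return (protocol name, [(code point, registry name), ...])."""
    if len(record) < 46 or record[0] != 0x16 or record[5] != 0x01 \
            or int.from_bytes(record[3:5], "big") != len(record) - 5:
        raise ValueError("expected one record holding a ClientHello")
    version = int.from_bytes(record[9:11], "big")   # after record + handshake headers
    pos = 9 + 2 + 32                                # skip client_version and random
    pos += 1 + record[pos]                          # skip session_id
    n = int.from_bytes(record[pos:pos + 2], "big")  # cipher_suites length in bytes
    raw = record[pos + 2:pos + 2 + n]
    if n == 0 or n % 2 or len(raw) != n:
        raise ValueError("bad cipher_suites length")
    points = [(raw[i], raw[i + 1]) for i in range(0, n, 2)]
    return VERSIONS.get(version, hex(version)), [
        (p, IANA_SUITES.get(p, "unknown")) for p in points]


if __name__ == "__main__":
    for ver, name in [(0x0301, "TLS_RSA_WITH_AES_128_CBC_SHA"),
                      (0x0300, "SSL_RSA_WITH_AES_128_CBC_SHA")]:
        print(parse_client_hello(build_client_hello(ver, [code_point(name)])))
```

Both hellos carry the same two octets in cipher_suites; only the version field differs.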