Menu
I understand that through SSL, the browser gets the public key of the secured website and through public key encryption rsa algorithm, these 2 establish session key and then continue communication thru some symmetric algorithm, because symmetric key encryption/decryption is faster. Which symmetric key algorithm does SSL use? DES? AES? or something else?
803
Key-exchange algorithms like KEA and RSA govern the way in which a server and client determine the symmetric keys they use during an SSL session. The most commonly used SSL cipher suites use the RSA key exchange.
The TLS (historically known as "SSL") protocol uses both asymmetric/public key and symmetric cryptography, and new keys for symmetric encryption have to be generated for each communication session. Such keys are called "session keys."
Server sends a copy of its asymmetric public key. Browser creates a symmetric session key and encrypts it with the server's asymmetric public key. Then sends it to the server. Server decrypts the encrypted session key using its asymmetric private key to get the symmetric session key.
DigiCert SSL/TLS certificates offer RSA and ECC encryption algorithms—to help you create a more secure and scalable future for your business.
When the client connects to the server, it negotiates a so-called ciphersuite (combination of encryption, key exchange, authentication algorithms) to use. Each SSL client or server has a list of allowed ciphersuites and during handshake the client and the server negotiate on what ciphersuite to use. It can happen sometimes, that there's no common denominator (ciphersuites sets don't intersect) and connection can't be established.
Symmetric algorithms supported in SSL are DES, 3DES, ARCFOUR, AES, Camellia, RC2, IDEA, SEED, NULL (no encryption).
107
During the connection establishment (the "handshake"), the client and server decide upon a "cipher suite" to use. The cipher suite states the algorithms which are used (asymmetric key agreement, symmetric encryption, and integrity check). In details, the client sends a list of the cipher suites it supports, and the server selects one of them, that it also supports. Normally, the server selects the first suite that it supports among those sent by the client (in other words, the ordering of the suites in the client message is its "order of preference" and the server usually honors the client preferences).
For instance, the cipher suite TLS_RSA_WITH_3DES_EDE_CBC_SHA means that the session key will be transmitted with RSA (asymmetric encryption, using the RSA public key from the server certificate), the data will be symmetrically encrypted with 3DES, and the integrity check will use the SHA-1 hash function. See the TLS specification for the list of standard cipher suites (other suites were added later on, in particular some with AES).
33
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
