Confirmed users
529
edits
Security/Server Side TLS: Difference between revisions
Jump to navigation
Jump to search
m
→DHE handshake and dhparam
| Line 167: | Line 167: | ||
As an example, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 works as follow: | As an example, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 works as follow: | ||
[[File:Dhe_params.png|frame|server key exchange message as displayed in Wireshark]] | [[File:Dhe_params.png|frame|server key exchange message as displayed in Wireshark]] | ||
[[File:Dhe_client_params.png|frame|client key exchange message as displayed in Wireshark]] | |||
# Server sends Client a [[http://tools.ietf.org/html/rfc5246#section-7.4.3 SERVER KEY EXCHANGE]] message during the SSL Handshake. The message contains: | # Server sends Client a [[http://tools.ietf.org/html/rfc5246#section-7.4.3 SERVER KEY EXCHANGE]] message during the SSL Handshake. The message contains: | ||
## Prime number ''p'' | ## Prime number ''p'' | ||
| Line 173: | Line 174: | ||
## signature ''S'' of the above (plus two random values) computed using the Server's private RSA key | ## signature ''S'' of the above (plus two random values) computed using the Server's private RSA key | ||
# Client verifies the signature ''S'' | # Client verifies the signature ''S'' | ||
# Client sends server a [[http://tools.ietf.org/html/rfc5246#section-7.4.7 CLIENT KEY EXCHANGE]] message. The message contains: | # Client sends server a [[http://tools.ietf.org/html/rfc5246#section-7.4.7 CLIENT KEY EXCHANGE]] message. The message contains: | ||
## Client's Diffie-Hellman public value ''B = g^Y mod p'', where ''Y'' is a private integer chosen at random and never shared. (note: B is called ''pubkey'' in wireshark) | ## Client's Diffie-Hellman public value ''B = g^Y mod p'', where ''Y'' is a private integer chosen at random and never shared. (note: B is called ''pubkey'' in wireshark) | ||