Security/Server Side TLS: Difference between revisions

Jump to navigation Jump to search

Security/Server Side TLS (view source)

Revision as of 19:39, 14 October 2013

No change in size ,  14 October 2013
→‎DHE hanshake and dhparam
Line 143: Line 143:
== DHE hanshake and dhparam ==
== DHE hanshake and dhparam ==


When an ephemeral Diffie-Hellman cipher is used, the server and the client negociate a pre-master key using the Diffie-Hellman algorithm. This algorithm requires that the server sends the client a prime number and a generator. Neither are confidential, and are sent in clear text. However, they must be signed, such that a man in the middle cannot hijack the handshake.
When an ephemeral Diffie-Hellman cipher is used, the server and the client negotiate a pre-master key using the Diffie-Hellman algorithm. This algorithm requires that the server sends the client a prime number and a generator. Neither are confidential, and are sent in clear text. However, they must be signed, such that a man in the middle cannot hijack the handshake.


As an example, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 works as follow:
As an example, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 works as follow:
Ulfr
Confirmed users
529

edits

Retrieved from "https://wiki.allizom.org/Special:MobileDiff/728785"

Navigation menu