= Mandatory discards =
* aNULL contains anonymous (unauthenticated) Diffie-Hellman key exchanges, which are subject to Man-In-The-Middle (MITM) attacks: nothing binds the DH values to the server's certificate, so an attacker on the path can substitute its own
* eNULL contains null-encryption ciphers: the handshake is authenticated but application data is sent in cleartext
* EXPORT contains legacy weak ciphers (40- and 56-bit keys, 512-bit RSA) that were deliberately weakened to comply with now-obsolete US export regulations
The concept of forward secrecy is simple: client and server negotiate a key that never hits the wire, and is destroyed at the end of the session. The server's RSA private key is used only to sign a Diffie-Hellman key exchange between the client and the server. The pre-master secret obtained from the Diffie-Hellman exchange is then used to derive the session keys that encrypt the connection. Since that secret is specific to one connection between a client and a server, and is used only for a limited amount of time, the exchange is called ephemeral (the E in DHE and ECDHE).
With forward secrecy, an attacker who gets hold of the server's private key cannot decrypt past communications. The private key was only used to sign the DH exchange, and the signature does not reveal the pre-master secret. Only the public values (g^a and g^b mod p) travel over the network; computing the pre-master secret g^ab requires one of the secret exponents, which never leave the client and the server and cannot be intercepted by a MITM. The guarantee has a limit worth keeping in mind: a stolen key still lets the attacker sign handshakes and impersonate the server from that point on, so it must be revoked and replaced even though past sessions stay private.
Diffie-Hellman is slow. At the time this revision was written, faster variants such as Elliptic Curve Diffie-Hellman (ECDHE) were promising but not widely supported. Therefore, forward secrecy was still considered the privilege of a few.
== DHE handshake and dhparam ==
When an ephemeral Diffie-Hellman cipher suite is used, the server and the client negotiate a pre-master secret using the Diffie-Hellman algorithm. This requires that the server send the client a prime number p, a generator g (together these are what a dhparam file contains) and its own public value g^b mod p, in the ServerKeyExchange message. None of these are confidential, and they are sent in clear text. However, they must be signed with the private key that matches the server's certificate, so that a MITM cannot substitute its own values and hijack the handshake; the signature also covers the client and server random values, so a ServerKeyExchange captured from one session cannot be replayed in another.
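The three situations described in the sections above (an aNULL exchange hijacked by a MITM, the signed ServerKeyExchange of a DHE_RSA suite, and what a server key compromise does and does not reveal), as an added example that is not part of the original page or of any TLS library. It uses only Python's standard library: the RFC 3526 2048-bit MODP group, transcribed here, stands in for a dhparam file, and textbook RSA over a SHA-256 digest stands in for the PKCS#1 signature TLS actually uses (a simplification for illustration, not a secure signature scheme). All function and variable names are assumptions of this example.

```python
"""Added example: a TLS 1.2-style DHE_RSA key exchange in miniature, with a
switch for the unauthenticated (aNULL) variant and an attacker on the path.
Standard library only; textbook RSA is an illustration, not a real signature."""
import hashlib
import secrets

# RFC 3526 group 14 (2048-bit MODP): the kind of group a dhparam file holds.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3DC2007CB8A163BF05"
    "98DA48361C55D39A69163FA8FD24CF5F83655D23DCA3AD961C62F356208552BB"
    "9ED529077096966D670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B"
    "E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9DE2BCBF695581718"
    "3995497CEA956AE515D2261898FA051015728E5A8AACAA68FFFFFFFFFFFFFFFF", 16)
G = 2

def is_probable_prime(n, rounds=16):
    """Miller-Rabin with random bases; used to build the toy RSA key below."""
    if n < 2 or n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(2 + secrets.randbelow(n - 3), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def rsa_keygen(bits=1024):
    """Textbook RSA key (toy size; real servers use 2048+ bits). Returns (pub, priv)."""
    e, half = 65537, bits // 2
    while True:
        p, q = 0, 0
        while not is_probable_prime(p):
            p = secrets.randbits(half) | (1 << (half - 1)) | 1
        while q == p or not is_probable_prime(q):
            q = secrets.randbits(half) | (1 << (half - 1)) | 1
        phi = (p - 1) * (q - 1)
        if phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def rsa_sign(priv, msg):  # no PKCS#1 padding: illustration only
    return pow(_digest(msg), priv[1], priv[0])

def rsa_verify(pub, msg, sig):
    return pow(sig, pub[1], pub[0]) == _digest(msg)

def _opaque(x):
    """TLS opaque<1..2^16-1>: two-byte length, then the big-endian integer."""
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    return len(b).to_bytes(2, "big") + b

def signed_params(client_random, server_random, p, g, ys):
    """Bytes covered by the ServerKeyExchange signature in TLS 1.2 (RFC 5246
    section 7.4.3): client_random || server_random || ServerDHParams{p, g, Ys}."""
    return client_random + server_random + _opaque(p) + _opaque(g) + _opaque(ys)

def dh_keypair():
    """Ephemeral DH share; a 256-bit exponent is ample in a 2048-bit safe-prime group."""
    x = 2 + secrets.randbelow(1 << 256)
    return x, pow(G, x, P)

SERVER_PUB, SERVER_PRIV = rsa_keygen()  # the long-term key behind the certificate

def run_handshake(authenticated=True, mitm=False, mitm_has_server_key=False):
    """One DHE exchange; authenticated=False models an aNULL suite (no signature).
    Returns who derived which pre-master secret; all None if the client aborted."""
    cr, sr = secrets.token_bytes(32), secrets.token_bytes(32)
    b, ys = dh_keypair()  # server's ephemeral share, sent in ServerKeyExchange
    sig = rsa_sign(SERVER_PRIV, signed_params(cr, sr, P, G, ys)) if authenticated else None
    ys_seen, sig_seen, m, ym = ys, sig, None, None
    if mitm:  # attacker on the path swaps in its own share Ym
        m, ym = dh_keypair()
        ys_seen = ym
        if authenticated and mitm_has_server_key:  # a leaked key lets it re-sign
            sig_seen = rsa_sign(SERVER_PRIV, signed_params(cr, sr, P, G, ym))
    out = dict.fromkeys(("client_pms", "server_pms", "mitm_pms_with_client", "mitm_pms_with_server"))
    if authenticated and not rsa_verify(SERVER_PUB, signed_params(cr, sr, P, G, ys_seen), sig_seen):
        return out  # client sends handshake_failure: the parameters were tampered with
    a, ya = dh_keypair()
    out["client_pms"] = pow(ys_seen, a, P)
    out["server_pms"] = pow(ym if mitm else ya, b, P)  # the attacker also replaces Ya
    if mitm:
        out["mitm_pms_with_client"], out["mitm_pms_with_server"] = pow(ya, m, P), pow(ys, m, P)
    del a, b  # only Ya, Ys and the signature were on the wire; the exponents die here,
    return out  # so a later leak of SERVER_PRIV cannot recover this session's secret
```

Calling run_handshake() with the four flag combinations reproduces the claims of the text: with the signature in place and no attacker the two pre-master secrets agree; with authenticated=False (an aNULL suite) the MITM ends up holding one key with the client and a different one with the server and neither side can tell; with the signature in place the substituted Ys fails verification and the client aborts; and with mitm_has_server_key=True the attack works again, which is why a compromised signing key must be revoked even though sessions completed before the leak stay private.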
As an example, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 works as follows: