Confirmed users
529
edits
Security/Server Side TLS: Difference between revisions
→DHE hanshake and dhparam
| Line 131: | Line 131: | ||
# Server sends Client a [[http://tools.ietf.org/html/rfc5246#section-7.4.3|SERVER KEY EXCHANGE]] message during the SSL Handshake. The message contains: | # Server sends Client a [[http://tools.ietf.org/html/rfc5246#section-7.4.3|SERVER KEY EXCHANGE]] message during the SSL Handshake. The message contains: | ||
## Prime number p | ## Prime number ''p'' | ||
## Generator g | ## Generator ''g'' | ||
## Server's Diffie-Hellman public value A =g^X mod p, where X is a private integer chosen by the server at random, and never shared with the client. | ## Server's Diffie-Hellman public value ''A = g^X mod p'', where ''X'' is a private integer chosen by the server at random, and never shared with the client. | ||
## signature S of the above (plus two random values) computed using the Server's private RSA key | ## signature ''S'' of the above (plus two random values) computed using the Server's private RSA key | ||
# Client verifies the signature S | # Client verifies the signature ''S'' | ||
# Client sends server a CLIENT KEY EXCHANGE message. The message contains: | # Client sends server a [[http://tools.ietf.org/html/rfc5246#section-7.4.7|CLIENT KEY EXCHANGE]] message. The message contains: | ||
## Client's Diffie-Hellman public value B = g^Y mod p, where Y is a private integer chosen at random and never shared. | ## Client's Diffie-Hellman public value ''B = g^Y mod p'', where ''Y'' is a private integer chosen at random and never shared. | ||
# The Server and the Client can now calculate the pre-master secret using each other's public values: | # The Server and the Client can now calculate the pre-master secret using each other's public values: | ||
## server calculates PMS = B^X mod p | ## server calculates ''PMS = B^X mod p'' | ||
## client calculates PMS = A^Y mod p | ## client calculates ''PMS = A^Y mod p'' | ||
# Client sends a CHANGE CIPHER SPEC message to the server, and both parties continue the handshake using ENCRYPTED HANDSHAKE MESSAGES | # Client sends a [[http://tools.ietf.org/html/rfc5246#section-7.1|CHANGE CIPHER SPEC]] message to the server, and both parties continue the handshake using ENCRYPTED HANDSHAKE MESSAGES | ||
The size of the prime number p constrains the size of the pre-master key PMS, because of the modulo operation. A smaller prime almost means weaker values of A and B, which could leak the secret values X and Y. Thus, the prime p should not be smaller than | The size of the prime number ''p'' constrains the size of the pre-master key ''PMS'', because of the modulo operation. A smaller prime almost means weaker values of ''A'' and ''B'', which could leak the secret values ''X'' and ''Y''. Thus, the prime ''p'' should not be smaller than the size of the RSA private key. | ||
< | <source lang="bash"> | ||
$ openssl dhparam -rand – 2048 | $ openssl dhparam -rand – 2048 | ||
Generating DH parameters, 2048 bit long safe prime, generator 2 | Generating DH parameters, 2048 bit long safe prime, generator 2 | ||
| Line 152: | Line 152: | ||
...... | ...... | ||
-----END DH PARAMETERS----- | -----END DH PARAMETERS----- | ||
</ | </source> | ||
== Ciphersuite support on various systems == | == Ciphersuite support on various systems == | ||