| Line 130: | Line 130: | ||
As an example, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 works as follow: | As an example, TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 works as follow: | ||
# Server sends Client a [[http://tools.ietf.org/html/rfc5246#section-7.4.3|SERVER KEY EXCHANGE]] message during the SSL Handshake. The message contains: | # Server sends Client a [[http://tools.ietf.org/html/rfc5246#section-7.4.3 | SERVER KEY EXCHANGE]] message during the SSL Handshake. The message contains: | ||
## Prime number ''p'' | ## Prime number ''p'' | ||
## Generator ''g'' | ## Generator ''g'' | ||
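Review bot: "works as follow" on the first line of this hunk should read "works as follows"; the only markup change here is the whitespace added around the pipe in the SERVER KEY EXCHANGE link, which changes nothing in the linked target but may leave a leading space in the rendered link label, so the original `[[...|SERVER KEY EXCHANGE]]` form without spaces is the safer convention.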
| Line 136: | Line 136: | ||
## signature ''S'' of the above (plus two random values) computed using the Server's private RSA key | ## signature ''S'' of the above (plus two random values) computed using the Server's private RSA key | ||
# Client verifies the signature ''S'' | # Client verifies the signature ''S'' | ||
# Client sends server a [[http://tools.ietf.org/html/rfc5246#section-7.4.7|CLIENT KEY EXCHANGE]] message. The message contains: | # Client sends server a [[http://tools.ietf.org/html/rfc5246#section-7.4.7 | CLIENT KEY EXCHANGE]] message. The message contains: | ||
## Client's Diffie-Hellman public value ''B = g^Y mod p'', where ''Y'' is a private integer chosen at random and never shared. | ## Client's Diffie-Hellman public value ''B = g^Y mod p'', where ''Y'' is a private integer chosen at random and never shared. | ||
# The Server and the Client can now calculate the pre-master secret using each other's public values: | # The Server and the Client can now calculate the pre-master secret using each other's public values: | ||
## server calculates ''PMS = B^X mod p'' | ## server calculates ''PMS = B^X mod p'' | ||
## client calculates ''PMS = A^Y mod p'' | ## client calculates ''PMS = A^Y mod p'' | ||
# Client sends a [[http://tools.ietf.org/html/rfc5246#section-7.1|CHANGE CIPHER SPEC]] message to the server, and both parties continue the handshake using ENCRYPTED HANDSHAKE MESSAGES | # Client sends a [[http://tools.ietf.org/html/rfc5246#section-7.1 | CHANGE CIPHER SPEC]] message to the server, and both parties continue the handshake using ENCRYPTED HANDSHAKE MESSAGES | ||
The size of the prime number ''p'' constrains the size of the pre-master key ''PMS'', because of the modulo operation. A smaller prime almost means weaker values of ''A'' and ''B'', which could leak the secret values ''X'' and ''Y''. Thus, the prime ''p'' should not be smaller than the size of the RSA private key. | The size of the prime number ''p'' constrains the size of the pre-master key ''PMS'', because of the modulo operation. A smaller prime almost means weaker values of ''A'' and ''B'', which could leak the secret values ''X'' and ''Y''. Thus, the prime ''p'' should not be smaller than the size of the RSA private key. | ||
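Review bot: the closing paragraph has a missing word in "A smaller prime almost means weaker values" (read "almost always means" or "almost certainly means"), and it switches between "pre-master key" and "pre-master secret" for the same value ''PMS''; use "pre-master secret" throughout, as the CLIENT KEY EXCHANGE step already does. The signature step could also name the "two random values" explicitly as the ClientHello.random and ServerHello.random from the hello messages, since that is what the RFC 5246 section 7.4.3 link covers and it makes clear why the signed parameters cannot be replayed into another handshake. As with the first hunk, the pipe-spacing changes to the CLIENT KEY EXCHANGE and CHANGE CIPHER SPEC links are cosmetic only.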