For example the following suite: TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 From what I understand the SHA384 at the end is used to authenticate the message, which is exactly what MAC does, and the mode GCM already creates a MAC, then why is the cipher suite followed by SHA384?
Asked
Active
Viewed 22 times
0
-
1Does this answer to your question? What hash is concatenating with the data to be signed in TLS 1.3 CertificateVerify message? – kelalaka Mar 17 '21 at 06:44
-
Yes, it did! thank you. should I delete the question? – macie Mar 17 '21 at 08:15
-
Up to you. I've voted for duplicate. You can accept it. – kelalaka Mar 17 '21 at 08:46
-
Also https://crypto.stackexchange.com/questions/75970/if-all-encrypt-algorithms-in-tls1-3-ciphersuites-are-aead-why-do-they-keep-inc and more linked there including some on security more specific to TLS1.2 – dave_thompson_085 Mar 18 '21 at 07:51