Does TLS use use two symmetric keys in the same way SSH does? One for client to server and one for server to client communication?

Question

As described in the SSH RFC an initial IV to server, initial IV to client, encryption key client to server, encryption key server to client, integrity key client to server, and an integrity key server to client are generated.

Does TLS use a similar system? If not, Why doesn't TLS use a system like this?

Hi, Which TLS version are you referring to? Or what is the source of this claim. Based on this it seems key separation is done in version 1.2 https://datatracker.ietf.org/doc/html/rfc5246#section-6.3 — Marc Ilunga, Mar 08 '22 at 07:09
Basically dupe https://crypto.stackexchange.com/questions/1139 (automatically found by SE as 'related' -- did you even look?) and https://crypto.stackexchange.com/questions/50799 — dave_thompson_085, Mar 09 '22 at 00:30

score 2 · Answer 1 · answered Mar 08 '22 at 13:43

2

Why doesn't TLS use a system like this?

TLS does have separate client-to-server and server-to-client keys - it always has, and that has not changed in any published version of TLS or SSL.

What makes you think it doesn't?

answered Mar 08 '22 at 13:43

poncho

147,019
11
229
360

This comment. – fgrieu Mar 08 '22 at 14:03
Yes it was that comment. Change the title so it hopefully doesn't confuse others. – nilch Mar 08 '22 at 16:46

Does TLS use use two symmetric keys in the same way SSH does? One for client to server and one for server to client communication?

1 Answers1