Questions tagged [tls]

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols which provide communication security (privacy and integrity) for a bidirectional data channel.

SSL/TLS are usually used on top of a transport layer protocol like TCP, either below or integrated in an application layer protocol (like HTTP, POP3, FTP).

During connection startup a handshake occurs, in which the partners negotiate a cipher suite (a combination of key exchange, encryption and MAC algorithms and a pseudorandom function), then use the key exchange algorithm to create a shared secret. Depending on the cipher suite, this may include sending and validating a certificate containing a public key, and encrypting or signing some data using this key, thereby authenticating at least the server and optionally also the client.

After the handshake, everything that is sent is encrypted and integrity-protected.

654 questions
14
votes
2 answers

What's the GCM-SHA 256 of a TLS protocol?

If we read the Google line information about how they cypher the https communication, it reads: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. I understand it's using ECDHE to exchange keys, using ECDSA as digital signature and making the symmetric…
MyUserIsThis
10
votes
1 answer

Why is the maximum record size in TLS 1.3 limited to $2^{14}$ bytes?

RFC 8446 limits the maximum data carried within a single TLSv1.3 message to $2^{14}$ bytes, specifically in section 5.1: The record layer fragments information blocks into TLSPlaintext records carrying data in chunks of 2^14 bytes or less. The…
Vlad
9
votes
2 answers

Is SSL getting faster because it's getting less secure?

There has been some discussion about it being more practical to use SSL due to advances in hardware. From my understanding, stronger public-key encryption means that both encrypting/decrypting and breaking it (via brute-force or vulnerabilities)…
Gelatin
9
votes
1 answer

What is the purpose of pre master secret in SSL/TLS?

I studied about SSL/TLS and learned that client and server must share the keys below: a common key for encryption, and a common key for generating message authentication code. Then, in SSL/TLS, a client doesn't send these keys to server directly, but it sends…
moriteru
8
votes
1 answer

Why would one choose DTLS-SRTP versus just RTP over DTLS?

If I understand DTLS-SRTP correctly, DTLS is used to exchange keys and then the endpoints switch to SRTP for encryption. What is the benefit of this setup versus just sending RTP over DTLS? Is it just about compatibility with existing SRTP stacks?
David Brown
8
votes
2 answers

Compare RFC 5246 SessionID re-use versus RFC 5077 Session Resumption?

Can you help me understand the differences, both algorithmic and practical, between RFC 5246 SessionID re-use and RFC 5077 Session Resumption? Both appear to be ways to nail up a second TLS session without a Server certificate exchange, leveraging…
gowenfawr
7
votes
1 answer

In SSL and TLS, why is there a separate Change Cipher Spec Protocol rather than including a change_cipher_spec message in the Handshake Protocol?

In SSL and TLS, why is there a separate Change Cipher Spec Protocol rather than including a change_cipher_spec message in the Handshake Protocol?
ubhusri
6
votes
1 answer

Is TLS finished message encryption at record protocol redundant?

The TLS Finished message is encrypted under the record protocol's current cipher state. Being able to authenticate the FINISHED message at the record protocol proves the genuineness of the peer endpoint. Verifying handshake_hash proves that the handshake has…
Vakul Garg
6
votes
1 answer

TLS RSA Certificate with Elliptic Curve Negotiation

When I look at Google's Public Key in Firefox I get: PKCS #1 SHA-256 With RSA Encryption. Yet according to SSL Labs, Google has EC 256 bits / SHA256withRSA and supports TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256. How can it when the public key it…
Zimm3r
5
votes
3 answers

Is SSL broken? If so, what can I do about it?

But recently, with the scandals about the (in)filtrations, I read that the NSA (and of course others, but I'm not particularly worried about NSA) is able to break SSL and track your data. Is it true? What can I do about that, given I do not know…
4
votes
1 answer

Does DTLS Change_Cipher re-transmission use same epoch as original one or the new one?

DTLS endpoints are required to re-transmit the entire flight of handshake messages in case there is a timeout. Before timeout event, the transmit epoch can change at record protocol. Which epoch is used for re-transmission of messages? The old one…
Vakul Garg
4
votes
0 answers

TLS handshake parallelization

As I understand, during TLS handshake phase, it is not legal for an endpoint to send its own handshake messages till the time it processes its peer's entire flight of messages completely. E.g. although a server is able to compute master secret after…
Vakul Garg
4
votes
1 answer

Understanding the signature and hashing algorithms in TLS connection debug output

I have an application using TLSv1.2 for communication. I use the option -Djavax.net.debug=all Cipher Suites: [TLS_DHE_DSS_WITH_AES_128_CBC_SHA] Compression Methods: { 0 } Extension signature_algorithms, signature_algorithms:…
Bionix1441
4
votes
1 answer

Is using the same HTTPS cipher suite as Google a good idea?

I'm searching for a cipher suite for my HTTPS website, running on the Apache 2 web server, that would offer a good compromise between compatibility with users and security. One idea I had was to simply use the same cipher suite that Google uses,…
user39768
4
votes
1 answer

What is the last value in a cipher suite?

I understand that a cipher suite should contain the MAC algorithm at the end. So ECDHE-RSA-AES128-SHA256 should use SHA256 in HMAC for the MAC. But what about the PRF? From the RFC this is what I understand: new cipher suites need to include the PRF…
David 天宇 Wong