In the next section, we will talk about how the SSL/TLS channel can be decrypted; before that, we need to understand what the different key exchange methods are and what their cipher suites look like. The key exchange methods are as follows.
This protocol allows two users to exchange a secret key over an insecure medium without any prior secrets; in this scheme, the example cipher suites will have a naming convention such as:
Cipher suites will have "DH" in their name, not "DHE" or "DH_anon".
You can learn more about Diffie-Hellman at: https://en.wikipedia.org/wiki/Diffie-Hellman_key_exchange.
Elliptic curve Diffie-Hellman is a modified Diffie-Hellman exchange that uses elliptic curve cryptography instead of the traditional RSA-style large primes. Elliptic curve cryptography (ECC) is a public-key cryptosystem just like RSA, Rabin, and El Gamal. Some important points with this algorithm are:
You can learn more about Elliptic Curve Diffie-Hellman at: https://en.wikipedia.org/wiki/Elliptic_curve_Diffie–Hellman.
Note that during the Client Hello message exchange, the elliptic_curves extension was offered for the key exchange. The example cipher suites will follow a naming convention such as:
Cipher suites will have "DHE" in their name, not "DH" or "DH_anon".
The server's public key is made available to the client during the Server Key Exchange handshake. The pre_master_secret key is encrypted with the server's public RSA key. The example cipher suites in this case will be:
Cipher suites will have "RSA" in their name, not "DH" or "DH_anon" or "DHE".
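The naming rules above can be applied mechanically when reviewing the suites seen in a capture or allowed in a server configuration. The following Python sketch is an added example, not code from the original text; it assumes IANA-style names of the form `TLS_<key exchange>_<authentication>_WITH_<cipher>`, and the function names and sample list are constructed for illustration.

```python
import re

# Key exchange labels named on this page, plus the anonymous variants it excludes.
KNOWN = {"RSA", "DH", "DHE", "ECDH", "ECDHE", "DH_anon", "ECDH_anon"}

def key_exchange(suite):
    """Return the key exchange label of an IANA-style suite name, or None."""
    m = re.fullmatch(r"(?:TLS|SSL)_(.+?)_WITH_.+", suite.strip())
    if not m:
        return None  # no _WITH_ field, e.g. TLS 1.3 names carry no key exchange
    tokens = m.group(1).split("_")
    kx = tokens[0]  # the first field is the key exchange, the second is authentication
    if len(tokens) > 1 and tokens[1] == "anon":
        kx += "_anon"  # DH_anon / ECDH_anon are distinct from DH / ECDH
    return kx if kx in KNOWN else None

def naive_is_rsa(suite):
    """Substring check, shown only to illustrate why it misclassifies."""
    return "RSA" in suite

def group_by_key_exchange(suites):
    """Group suite names by key exchange label."""
    groups = {}
    for s in suites:
        groups.setdefault(key_exchange(s) or "unclassified", []).append(s)
    return groups

# Constructed sample list (real IANA suite names, chosen for illustration).
SAMPLE = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for kx, names in sorted(group_by_key_exchange(SAMPLE).items()):
        print(kx)
        for name in names:
            flag = "  (contains 'RSA' but is not RSA key exchange)" \
                if naive_is_rsa(name) and kx != "RSA" else ""
            print("   ", name + flag)
```

In suites such as `TLS_DHE_RSA_WITH_AES_128_CBC_SHA`, "RSA" names the authentication method, which is why a plain substring match is not enough to identify RSA key exchange.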