Which symmetric key algorithm does SSL use?

大城市里の小女人 提交于 2019-12-02 23:21:43

When the client connects to the server, it negotiates a so-called ciphersuite (combination of encryption, key exchange, authentication algorithms) to use. Each SSL client or server has a list of allowed ciphersuites and during handshake the client and the server negotiate on what ciphersuite to use. It can happen sometimes, that there's no common denominator (ciphersuites sets don't intersect) and connection can't be established.

Symmetric algorithms supported in SSL are DES, 3DES, ARCFOUR, AES, Camellia, RC2, IDEA, SEED, NULL (no encryption).

During the connection establishment (the "handshake"), the client and server decide upon a "cipher suite" to use. The cipher suite states the algorithms which are used (asymmetric key agreement, symmetric encryption, and integrity check). In details, the client sends a list of the cipher suites it supports, and the server selects one of them, that it also supports. Normally, the server selects the first suite that it supports among those sent by the client (in other words, the ordering of the suites in the client message is its "order of preference" and the server usually honors the client preferences).

For instance, the cipher suite TLS_RSA_WITH_3DES_EDE_CBC_SHA means that the session key will be transmitted with RSA (asymmetric encryption, using the RSA public key from the server certificate), the data will be symmetrically encrypted with 3DES, and the integrity check will use the SHA-1 hash function. See the TLS specification for the list of standard cipher suites (other suites were added later on, in particular some with AES).

Several possibilities including RC4 and DES or even no encryption. Not an area I know well, but I assume client and server negotiate to find one they can both use

http://httpd.apache.org/docs/2.0/ssl/ssl_intro.html#ssl

If you are using HTTPS under Firefox, if you click the little "lock" icon in the URL bar, it will give you a pop up with the details of your connection. For example, with my server, I connect with 128 bit AES with firefox.

Different web browsers can give different results of course, since the TLS connection negotiates the connection.

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!