Matt Walsh <[EMAIL PROTECTED]> writes:
> (line numbers added for clarity)
> 
>  1: SSL_accept:before/accept initialization
>  2: SSL_accept:SSLv3 read client hello A
>  3: SSL_accept:SSLv3 write server hello A
>  4: SSL_accept:SSLv3 write certificate A
>  5: SSL_accept:SSLv3 write server done A
>  6: SSL_accept:SSLv3 flush data
>  7: SSL_accept:SSLv3 read client key exchange A
>  8: SSL_accept:SSLv3 read finished A
>  9: SSL_accept:SSLv3 write change cipher spec A
> 10: SSL_accept:SSLv3 write finished A
> 11: SSL_accept:SSLv3 flush data
> 
> ...yet with other clients I get these additional entries:
> 
>  4: SSL_accept:SSLv3 write certificate A
> ->  Generating temp (512 bit) RSA key...
> ->  SSL_accept:SSLv3 write key exchange A
>  5: SSL_accept:SSLv3 write server done A
> 
> ...or sometimes just this extra key exchange message:
> 
>  4: SSL_accept:SSLv3 write certificate A
> ->  SSL_accept:SSLv3 write key exchange A
>  5: SSL_accept:SSLv3 write server done A
> 
> Why do I care?  Well, this/these extra protocol step(s) cause(s) an extra
> 512 bit RSA public key operation to occur, which equates to a 50% slowdown
> on a 1024 bit key-based transaction.
> 
> Hopefully, this is a matter of a mismatched cert on the client.  Can some
> helpful SSL protocol expert please help shed light on this?
No, what's going on here is that you're negotiating an export cipher
suite that uses an ephemeral 512 bit RSA key. Most servers have 1024
bit RSA keys but it used to be forbidden to export programs which
could encrypt with keys > 512 bits, so you'd use a temporary 512 bit
key and sign it with your 1024 bit key.

Newer export clients were allowed to use 1024 bit keys so you
wouldn't see this and now the export rules have been (more or less)
repealed so newer clients should just do the normal handshake.

For more details, see section 7.4.3 of the TLS standard.

-Ekr

[Eric Rescorla                                   [EMAIL PROTECTED]]
author of "SSL and TLS: Designing and Building Secure Systems"
Addison-Wesley 2000                 http://www.rtfm.com/sslbook
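One way to tell the two handshakes apart from the server's own trace, as an added example that is not part of this thread (it is neither poster's code): the script below parses SSL_accept() state lines in the format quoted above, reports whether a ServerKeyExchange message was written after the certificate, and, when the "Generating temp (512 bit) RSA key" note is present, flags the handshake as export-grade. The sample traces are constructed from the lines in the post; the `EXP` name prefix and the `!EXPORT` cipher-list keyword are OpenSSL's own naming, and the tri-state `export_grade` value (None when a ServerKeyExchange appears without a temp-key line, since the trace alone cannot say what key was used) is a choice made here.

```python
"""Classify OpenSSL SSL_accept() state traces (added example, not from the thread)."""
import re

# The s_server note about the ephemeral key, in the form shown in the post.
TEMP_KEY_RE = re.compile(r"Generating temp \((\d+) bit\) (RSA|DH) key")
# One state-machine line, e.g. "SSL_accept:SSLv3 write key exchange A".
STATE_RE = re.compile(r"SSL_accept:SSLv3 (read|write) (.+?)( [A-Z])?$")

# Constructed traces, copied from the formats quoted in the post.
PLAIN_TRACE = [
    "1: SSL_accept:before/accept initialization",
    "2: SSL_accept:SSLv3 read client hello A",
    "3: SSL_accept:SSLv3 write server hello A",
    "4: SSL_accept:SSLv3 write certificate A",
    "5: SSL_accept:SSLv3 write server done A",
    "6: SSL_accept:SSLv3 flush data",
    "7: SSL_accept:SSLv3 read client key exchange A",
    "8: SSL_accept:SSLv3 read finished A",
    "9: SSL_accept:SSLv3 write change cipher spec A",
    "10: SSL_accept:SSLv3 write finished A",
    "11: SSL_accept:SSLv3 flush data",
]
EXPORT_TRACE = PLAIN_TRACE[:4] + [
    "->  Generating temp (512 bit) RSA key...",
    "->  SSL_accept:SSLv3 write key exchange A",
] + PLAIN_TRACE[4:]
SKE_ONLY_TRACE = PLAIN_TRACE[:4] + ["->  SSL_accept:SSLv3 write key exchange A"] + PLAIN_TRACE[4:]


def _clean(raw):
    """Drop the decorations used in the post: '->' markers and 'N:' line numbers."""
    line = raw.strip()
    line = re.sub(r"^->\s*", "", line)
    line = re.sub(r"^\d+:\s*", "", line)
    return line


def classify_handshake(trace_lines):
    """Summarise the server-side flights of one handshake trace.

    export_grade is True when a temporary RSA key of at most 512 bits was
    generated, False when no ServerKeyExchange was sent at all, and None when
    a ServerKeyExchange was sent but the trace does not show which key was used.
    """
    result = {
        "messages": [],            # read/write flights in order, e.g. "write certificate"
        "server_key_exchange": False,
        "temp_key_type": None,
        "temp_key_bits": None,
        "export_grade": False,
    }
    for raw in trace_lines:
        line = _clean(raw)
        m = TEMP_KEY_RE.search(line)
        if m:
            result["temp_key_bits"] = int(m.group(1))
            result["temp_key_type"] = m.group(2)
            continue
        m = STATE_RE.match(line)
        if not m:
            continue  # "before/accept initialization", "flush data", ...
        msg = f"{m.group(1)} {m.group(2)}"
        result["messages"].append(msg)
        if msg == "write key exchange":
            result["server_key_exchange"] = True
    if result["server_key_exchange"]:
        if result["temp_key_type"] == "RSA" and result["temp_key_bits"] is not None:
            result["export_grade"] = result["temp_key_bits"] <= 512
        else:
            result["export_grade"] = None
    return result


def is_export_suite(openssl_name):
    """OpenSSL names export-grade suites with an EXP prefix (EXP-RC4-MD5, EXP1024-RC4-SHA)."""
    return openssl_name.upper().startswith("EXP")


def exclude_export_suites(cipher_list):
    """Append OpenSSL's '!EXPORT' keyword so no export suite can be negotiated."""
    return cipher_list if "!EXPORT" in cipher_list else cipher_list + ":!EXPORT"


if __name__ == "__main__":
    for name, trace in [("plain", PLAIN_TRACE), ("export", EXPORT_TRACE), ("ske-only", SKE_ONLY_TRACE)]:
        r = classify_handshake(trace)
        print(f"{name:9s} SKE={r['server_key_exchange']} temp={r['temp_key_type']}/{r['temp_key_bits']} export={r['export_grade']}")
    print(exclude_export_suites("DEFAULT"))
```

Running the script prints one summary line per constructed trace; in practice the interesting part is the `export_grade` value, which tells you whether the extra public-key operation the poster measured comes from an export suite (which the `!EXPORT` cipher-list entry removes from negotiation) or from some other ephemeral key exchange.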


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]