Hello,
> > I have a cipher suite:
> > TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
> >
> > What does "TLS_DHE_RSA" mean? Is it a combination of RSA with
> > Diffie-Hellman? RSA is key transport. DH is key agreement. How are they
> > used together? Please help.
> >
> When we use Ephemeral DH, we need to use an (RSA or DSS) certificate. So
> the DHE is for key establishment, and the RSA signature is to authenticate
> the DHE key to avoid a man-in-the-middle attack.
Yes, and it is calculated as (with some simplification):
DH_parameters = p, g, Y
data = client_hello + server_hello + DH_parameters
sign = RSA_sign(MD5(data)+SHA1(data)), for RSA
sign = DSA_sign(SHA1(data)), for DSA
Best regards,
--
Marek Marcola <[EMAIL PROTECTED]>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [EMAIL PROTECTED]
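The RSA case from the reply above, worked through as an added example (not code from the original message or from OpenSSL). It follows the TLS 1.0 layout in RFC 2246, where the hashed data is the two 32-byte hello random values plus the length-prefixed DH parameters, and the 36-byte MD5+SHA1 value is signed with PKCS#1 v1.5 block type 1 padding. The toy RSA key, DH group, random values and all function names are constructed for illustration.

```python
import hashlib

# Constructed toy RSA key built from two Mersenne primes: demonstration only, NOT secure.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8          # modulus length in bytes

def dh_params(p, g, y):
    """Encode ServerDHParams: each integer as a 2-byte length plus big-endian bytes."""
    out = b""
    for v in (p, g, y):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += len(raw).to_bytes(2, "big") + raw
    return out

def tls10_hash(client_random, server_random, params):
    """MD5(data) + SHA1(data) over the randoms and the DH parameters (36 bytes)."""
    data = client_random + server_random + params
    return hashlib.md5(data).digest() + hashlib.sha1(data).digest()

def pad(h):
    """PKCS#1 v1.5 block type 1 padding around the raw 36-byte hash."""
    return b"\x00\x01" + b"\xff" * (K - len(h) - 3) + b"\x00" + h

def rsa_sign(h):
    return pow(int.from_bytes(pad(h), "big"), D, N).to_bytes(K, "big")

def rsa_verify(h, sig):
    return pow(int.from_bytes(sig, "big"), E, N).to_bytes(K, "big") == pad(h)

def demo():
    cr, sr = bytes(range(32)), bytes(range(32, 64))   # constructed hello randoms
    p, g = 2**32 - 5, 2                               # constructed toy DH group
    y = pow(g, 0x1234, p)                             # server's ephemeral public value Y
    sig = rsa_sign(tls10_hash(cr, sr, dh_params(p, g, y)))
    # Client side: recompute the hash from what it received and check the signature.
    ok = rsa_verify(tls10_hash(cr, sr, dh_params(p, g, y)), sig)
    # Any Y other than the one the server signed no longer matches the signature.
    swapped = rsa_verify(tls10_hash(cr, sr, dh_params(p, g, y ^ 1)), sig)
    # The same signed parameters presented in a handshake with a different client random.
    replayed = rsa_verify(tls10_hash(bytes(32), sr, dh_params(p, g, y)), sig)
    return ok, swapped, replayed

if __name__ == "__main__":
    print(demo())
```

Because the randoms are part of the signed data, a captured signature over the DH parameters is bound to one handshake and does not verify in another.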