
I want to know the difference between these two cipher suites:

  1. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  2. TLS_RSA_WITH_AES_128_GCM_SHA256

My questions are:

  1. In (2) there is no key exchange algorithm (like DH, DHE, etc.); hence RSA public key cryptography will be used for the key exchange along with the RSA key pairs?
  2. Then in (1) only RSA key pairs will be used along with the ECDHE key exchange?
  3. Then will (1) and (2) have different pre-master key and master key generation?

I went through these two topics and googled, but still didn't get enough clarity.

Anto Jerome

2 Answers


There is really no substitute for reading the TLS spec, but here's a quick explanation.

There are essentially 4 different parts of a TLS 1.2 cipher suite:

  1. Authentication - what crypto is used to verify the authenticity of the server?
  2. Key exchange - what asymmetric crypto is used to exchange keys?
  3. Cipher - what symmetric crypto is used to encrypt the data?
  4. MAC - what hash function is used to ensure message integrity?

Your two examples share three of these and differ in one.

  • Both use RSA certificates to authenticate the server (and possibly the client).
  • Both use AES-128 in Galois/Counter Mode for encryption.
  • Both use HMAC-SHA256 for message integrity.

They differ in the key exchange method. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 uses ephemeral elliptic curve Diffie-Hellman to exchange keys, providing forward secrecy. Because the parameters are ephemeral, they are discarded after use, and the key that was exchanged cannot be recovered from the traffic stream without them. TLS_RSA_WITH_AES_128_GCM_SHA256, on the other hand, uses the RSA keys in the server certificate to exchange keys. This is still strong crypto (assuming large enough keys), but the session key that was exchanged can be recovered from the traffic stream using the server's private key, which obviously cannot be discarded frequently.

bonsaiviking

In (2) there is no key exchange algorithm (like DH, DHE, etc.); hence RSA public key cryptography will be used for the key exchange along with the RSA key pairs?

Yes this is correct.

Then in (1) only RSA key pairs will be used along with the ECDHE key exchange?

As stated in this answer the RSA key pair will be used for authenticating the ECDHE key exchange.

Then will (1) and (2) have different pre-master key and master key generation?

There is not a single pre-master key or master key for each cipher suite. Each cipher suite simply outlines the algorithms used to generate a pre-master key/master key. As you can see in this answer, when the master_key is derived, it uses the client_random and server_random values. These are 32 bytes of (what should be) cryptographically secure random data. Both values are mixed using the negotiated cipher suite's hashing algorithm, which should guarantee a new master_key for each connection.

RoraΖ
  • @RoraZ your answer gave me full clarity. One last question: the pre-master key is generated by the client only in all cases and sent to the server, and both of them calculate the master key (which will be the same)? – Anto Jerome Sep 20 '16 at 22:44
  • @AntoJerome That is correct! – RoraΖ Sep 21 '16 at 11:49
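To make the second answer and the comments concrete, here is an added example (not code from either answerer) that implements the TLS 1.2 PRF from RFC 5246 section 5 and runs the master_secret and key_block derivation for an AES_128_GCM_SHA256 suite. The client_random, server_random and the RSA-style pre-master secret are constructed locally; the ECDHE case is identical from the pre-master secret onward.

```python
import hmac
import hashlib
import os

# Added example: TLS 1.2 PRF (RFC 5246 section 5) plus the master_secret and
# key_block derivations it feeds. Randoms below are constructed, not captured.

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256(secret, seed): HMAC-SHA256 iterated until 'length' bytes exist."""
    out, a = b"", seed                      # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """PRF(secret, label, seed) = P_SHA256(secret, label + seed) for SHA-256 suites."""
    return p_hash(secret, label + seed, length)

def rsa_pre_master_secret(client_version: bytes = b"\x03\x03") -> bytes:
    """TLS_RSA_* suites: the client picks 46 random bytes, prefixes the version it
    offered, and sends the 48 bytes RSA-encrypted under the server certificate key.
    For ECDHE suites the pre-master secret is the ECDH shared-point x-coordinate instead."""
    return client_version + os.urandom(46)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret", client_random + server_random)[0..47]"""
    assert len(client_random) == 32 and len(server_random) == 32
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def aes128_gcm_keys(master: bytes, client_random: bytes, server_random: bytes) -> dict:
    """key_block = PRF(master_secret, "key expansion", server_random + client_random);
    note the reversed random order. For AES_128_GCM (RFC 5288) the block holds
    16+16 bytes of write keys plus 4+4 bytes of implicit nonce; the MAC key
    length is zero because GCM is an AEAD cipher, so no HMAC keys are derived."""
    block = prf(master, b"key expansion", server_random + client_random, 40)
    return {
        "client_write_key": block[0:16],
        "server_write_key": block[16:32],
        "client_write_iv": block[32:36],
        "server_write_iv": block[36:40],
    }

if __name__ == "__main__":
    cr, sr = os.urandom(32), os.urandom(32)   # constructed ClientHello/ServerHello randoms
    pms = rsa_pre_master_secret()
    ms = master_secret(pms, cr, sr)
    print("master_secret:", ms.hex())
    print("new randoms give a new master secret:", master_secret(pms, os.urandom(32), sr) != ms)
```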