1

There's a large list of ciphersuites inside SSL / TLS. It seems like that these ciphersuites can be categorized in terms of their underlying mechanism with following categories:

  1. RSA Key Exchange (e.g. TLS-RSA-WITH-AES-128-CBC-SHA256)
  2. RSA with Ephermal Diffie Hellman (DHE-RSA) Key Exchange (e.g. TLS-DHE-RSA-WITH-AES-128-CCM)
  3. RSA with Elliptic Curve Ephermal Diffie Hellman (ECDHE-RSA) Key Exchange (e.g. TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA)
  4. RSA with Elliptic Curve Diffie Hellman (ECDH-RSA) Key Exchange (e.g. TLS-ECDH-RSA-WITH-CAMELLIA-128-CBC-SHA256)
  5. ECDSA with Elliptic Curve Ephermal Diffie Hellman (ECDHE-ECDSA) Key Exchange (e.g. TLS-ECDHE-ECDSA-WITH-NULL-SHA)
  6. Pre Shared Key (PSK) Key Exchange (e.g. TLS-PSK-WITH-RC4-128-SHA)
  7. Pre Shared Key with Diffie Hellman (DHE-PSK) Key Exchange (TLS-DHE-PSK-WITH-AES-256-CBC-SHA384)
  8. Pre Shared Key with Elliptic Curve Ephermal Diffie Hellman (ECDHE-PSK) Key Exchange (e.g. TLS-ECDHE-PSK-WITH-AES-256-CBC-SHA384)
  9. Pre Shared Key with RSA (RSA-PSK) Key Exchange (e.g. TLS-RSA-PSK-WITH-AES-128-CBC-SHA256)

I'm looking for an answer that gives a short summary of the category, what kind of public / private keys are used for key exchange and signatures and where to "find" these keys (e.g. inside server's certificate), what kind of cipher is used for confidentiality and eventually how data is authenticated. It would be nice if the answer could use the example ciphersuite given for that category.

TrinityTonic
  • 231
  • 3
  • 11
  • Possible duplicate of [Client-server encryption technique explanation (TLS\_ECDHE\_RSA\_WITH\_AES\_128\_GCM\_SHA256, 128 bit keys)](https://security.stackexchange.com/questions/65622/client-server-encryption-technique-explanation-tls-ecdhe-rsa-with-aes-128-gcm-s) – RoraΖ Jun 22 '17 at 14:41
  • That question asks for one particular cipher suite which belongs to category three of my question. – TrinityTonic Jun 22 '17 at 14:55
  • 1
    The question also answers how you can determine which cipher and authentication method is used for each of your "categories". Your question is quite broad otherwise. – RoraΖ Jun 22 '17 at 15:00

2 Answers2

2

I'm not going to answer all of your question especially diving into the x509 format is probably out of the scope of an answer here but let's look at the ciphersuite examples you gave and interpret them:

TLS-RSA-WITH-AES-128-CBC-SHA256

This uses RSA for key exchange. In other words, the client picks a key, encrypts it with the servers public key and sends it over. The actual payload is encrypted using AES-128 in CBC mode and authenticated using HMAC-SHA256.

TLS-ECDHE-RSA-WITH-3DES-EDE-CBC-SHA

This uses ephemeral keys from an elliptic curve DH key agreement. The host is authenticated using an RSA signature. The payload is encrypted using 3DES (EDE = encrypt-decrypt-encrypt) in CBC mode and HMAC-SHA1 for authentication.

Here is the list of ciphersuites with their specifications.

All the suites you mention use RSA or PSK for the authentication. So the only key you will find in a certificate is the RSA key. A PSK cannot have a certificate since it is a symmetric key and getting it certified would mean giving away and putting the secret key in the public certificate. So the only key you have to look for in certificates is an RSA key.

The DH agreements create new keys and are also not found in the certificates.

Edit: Please don't try to parse x509 yourself. It's notoriously hard and has lead to many exploitable errors in the past.

Elias
  • 1,935
  • 1
  • 10
  • 17
2

I don't think that the proposed categories are the best way to categorize the ciphers. A more appropriate classification is to use the different parts of the cipher independently and then derive from this the features of a specific cipher. These parts of the cipher are the type of server authentication (RSA, ECDSA, ...), type of key exchange (RSA, DH, PSK, ...), and the type of symmetric cipher and Mac used for encryption with the key from the key exchange.

There are no ciphers defined for every combinations of these different cipher parts but for many. openssl ciphers -V shows of what parts the implemented ciphers consist, for example:

 0xC0,0x30 - ECDHE-RSA-AES256-GCM-SHA384 TLSv1.2 Kx=ECDH Au=RSA  Enc=AESGCM(256) Mac=AEAD
 0x00,0x35 - AES256-SHA                    SSLv3 Kx=RSA  Au=RSA  Enc=AES(256)    Mac=SHA1

I'm looking for an answer that gives a short summary of the category, ...

Given the many possible values for each type and all the combinations this would be too broad and thus I will not answer this part. But, the different types are easily to see from the output of openssl -V ciphers and if you need details types please ask for these in a different question.

But for the most common cases:

  • Server authentication (Au) is usually based on certificates, which mostly contain either RSA or ECDSA public keys.
  • Key exchange (Kx) is usually ECDH or DH or RSA.
  • Encryption (Enc) is done with a variety of algorithms like AES-128, AES-256, RC4, 3DES etc
  • Mac (Mac) is usually AEAD, SHA-1, SHA-256 or similar or even MD5.
Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434