0

I have read the following excellent post How does SSL/TLS work? but unfortunately it does not clear up one question I have.

If during an established TLS session the server becomes busy and needs to renegotiate the cipher being used what exactly happens, assuming secure renegotiation is in place.

Does the server initiate a new full handshake, does it simply use session resumption?

Ringo
  • 125
  • 2
  • 2
    Why does the server need a new cipher when it gets busy? I'm pretty sure that this does not help with the busy part because doing the new handshake needed to get a new cipher and key is more expensive than continuing with the cheap symmetric encryption with the existing cipher. – Steffen Ullrich Aug 09 '17 at 12:24
  • To add to what Steffen and Gowenfawr have already pointed out, I'm not aware of any TLS implementation that would initiate a change in the cipher being used after a handshake is completed, or even choose an initial cipher suite (change the priority order, effectively) based on how "busy" it is. – Xander Aug 09 '17 at 13:39
  • It is actually part of an exam question that a work colleague was asked as part of a cyber security certification he is taking in college. No other information supplied in the question as to why the server would be busy. – Ringo Aug 09 '17 at 14:30

1 Answers1

4

Session Resumption will re-use the previously negotiated cipher spec, so if you need to renegotiate a different cipher, you will need a new handshake. To quote RFC 5246 section 7 (emphasis mine):

The Handshake Protocol is responsible for negotiating a session, which consists of the following items:

...(session identifier, peer certificate, compression method)...

cipher spec: Specifies the pseudorandom function (PRF) used to generate keying material, the bulk data encryption algorithm (such as null, AES, etc.) and the MAC algorithm (such as HMAC-SHA1). It also defines cryptographic attributes such as the mac_length. (See Appendix A.6 for formal definition.)

...(master secret, is resumable)...

These items are then used to create security parameters for use by the record layer when protecting application data. Many connections can be instantiated using the same session through the resumption feature of the TLS Handshake Protocol.

gowenfawr
  • 72,355
  • 17
  • 162
  • 199