This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[{$pagename}] describes a Step within the [TLS Handshake] process.
%%information
[{$pagename}] has been removed in [TLS 1.3]: the Diffie-Hellman key shares are carried in the key_share extension of the ClientHello and [ServerHello], and the server's signature moves to the CertificateVerify message, where it covers the whole handshake transcript rather than only the key-exchange parameters and the two randoms.
%%
In [TLS 1.0] the server sends the [ServerKeyExchange] message immediately after the server [Certificate] message when that certificate does not contain enough information for the client to exchange the [Premaster Secret], or immediately after the [ServerHello] message when an anonymous [Key-Exchange] is in use.
More specifically it is used for the [anonymous] [Diffie-Hellman], [Diffie-Hellman Ephemeral] and ephemeral RSA (the temporary RSA key used by RSA_EXPORT) [Key-Exchange] methods.
The [{$pagename}] message is sent by the server only when the [ServerCertificate] message (if sent) does not contain enough data to allow the [user-agent] to exchange a premaster secret. This is true for the following key exchange methods:
* RSA_EXPORT (if the public key in the server certificate is longer than 512 bits)
* DHE_DSS
* DHE_DSS_EXPORT
* DHE_RSA
* DHE_RSA_EXPORT
* DH_anon
It is not legal to send the server key exchange message for the following key exchange methods:
* RSA
* [RSA_EXPORT] (when the public key in the server certificate is less than or equal to 512 bits in length)
* DH_DSS
* DH_RSA
The [{$pagename}] message conveys the cryptographic information the [user-agent] needs to establish the [premaster Secret]: with these parameters the client completes its [ClientKeyExchange] (an RSA-encrypted premaster secret, or its own Diffie-Hellman public value), after which both parties hold the same [premaster Secret].
As additional [Cipher Suites] are defined for TLS which include new [key-Exchange] algorithms, the [{$pagename}] message will be sent if and only if the certificate type associated with the key exchange algorithm does not provide enough information for the client to exchange a [premaster Secret].
The Structure of [{$pagename}] message:
%%prettify
{{{
enum { rsa, diffie_hellman } KeyExchangeAlgorithm;

struct {
    opaque rsa_modulus<1..2^16-1>;
    opaque rsa_exponent<1..2^16-1>;
} ServerRSAParams;

struct {
    opaque dh_p<1..2^16-1>;
    opaque dh_g<1..2^16-1>;
    opaque dh_Ys<1..2^16-1>;
} ServerDHParams;     /* Ephemeral DH parameters */

struct {
    select (KeyExchangeAlgorithm) {
        case diffie_hellman:
            ServerDHParams params;
            Signature signed_params;
        case rsa:
            ServerRSAParams params;
            Signature signed_params;
    };
} ServerKeyExchange;

enum { anonymous, rsa, dsa } SignatureAlgorithm;

select (SignatureAlgorithm)
{   case anonymous: struct { };
    case rsa:
        digitally-signed struct {
            opaque md5_hash[16];
            opaque sha_hash[20];
        };
    case dsa:
        digitally-signed struct {
            opaque sha_hash[20];
        };
} Signature;
}}} /%
Where:
* rsa_modulus - The modulus of the server's temporary RSA key.
* rsa_exponent - The public exponent of the server's temporary RSA key.
* dh_p - The prime modulus used for the Diffie-Hellman operation.
* dh_g - The generator used for the Diffie-Hellman operation.
* dh_Ys - The server's Diffie-Hellman public value (g^X mod p).
* params - The server's key exchange parameters.
* signed_params - For non-anonymous key exchanges, a hash of the corresponding params value, with the signature appropriate to that hash applied.
* md5_hash - MD5(ClientHello.random + ServerHello.random + ServerParams);
* sha_hash - SHA(ClientHello.random + ServerHello.random + ServerParams);
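The following Python is an added example, not part of the original page or of any TLS implementation: it serialises and parses the Diffie-Hellman form of the [{$pagename}] body described above (three opaque<1..2^16-1> vectors, then the Signature as either the empty struct for DH_anon or a length-prefixed signature vector), computes the exact md5_hash || sha_hash bytes that the signature covers, applies the sanity checks a client should make on dh_p and dh_Ys before using them, and shows both sides arriving at the same premaster secret. Everything named here is an assumption of the example: the group (p = 2^127 - 1 and g = 5 are chosen only to keep the bytes short and are not a real TLS group), the 1024-bit minimum as a client policy (the RFC sets no minimum), the sample randoms, and the function names.

```python
"""Added example: encode, parse and check a TLS 1.0 DHE ServerKeyExchange body."""
import hashlib
import struct

# Constructed demo group, NOT a real TLS group: the Mersenne prime 2^127 - 1
# keeps the example readable. Real servers sent 1024-bit or larger primes.
DEMO_P = (1 << 127) - 1
DEMO_G = 5
DEFAULT_MIN_DH_BITS = 1024   # assumed client policy; RFC 2246 sets no minimum


def vector16(data: bytes, min_len: int = 1) -> bytes:
    """Encode a TLS opaque<min_len..2^16-1> vector: 2-byte big-endian length, then body."""
    if not min_len <= len(data) <= 0xFFFF:
        raise ValueError("vector length out of range")
    return struct.pack("!H", len(data)) + data


def read_vector16(buf: bytes, off: int, min_len: int = 1):
    """Decode one opaque<min_len..2^16-1> vector at buf[off:]; return (body, new_off)."""
    if off + 2 > len(buf):
        raise ValueError("truncated vector length")
    (n,) = struct.unpack_from("!H", buf, off)
    off += 2
    if n < min_len or off + n > len(buf):
        raise ValueError("bad vector length %d" % n)
    return buf[off:off + n], off + n


def int_to_bytes(x: int) -> bytes:
    return x.to_bytes(max(1, (x.bit_length() + 7) // 8), "big")


def build_server_key_exchange(p: int, g: int, x: int, signature: bytes = None) -> bytes:
    """Server side: ServerDHParams { dh_p, dh_g, dh_Ys = g^x mod p } followed by the
    Signature: nothing for DH_anon, otherwise opaque signature<0..2^16-1>."""
    body = (vector16(int_to_bytes(p)) + vector16(int_to_bytes(g))
            + vector16(int_to_bytes(pow(g, x, p))))
    if signature is not None:
        body += vector16(signature, min_len=0)
    return body


def parse_server_key_exchange(body: bytes, anonymous: bool,
                              min_bits: int = DEFAULT_MIN_DH_BITS) -> dict:
    """Client side: decode the body, keep the raw ServerParams bytes (the signature
    covers exactly these) and check the values before using dh_Ys."""
    dh_p, off = read_vector16(body, 0)
    dh_g, off = read_vector16(body, off)
    dh_ys, off = read_vector16(body, off)
    params = body[:off]
    signature = b""
    if not anonymous:
        signature, off = read_vector16(body, off, min_len=0)
    if off != len(body):
        raise ValueError("trailing bytes after ServerKeyExchange")
    p, g, ys = (int.from_bytes(v, "big") for v in (dh_p, dh_g, dh_ys))
    if p.bit_length() < min_bits:
        raise ValueError("dh_p too small: %d bits" % p.bit_length())
    if not 2 <= ys <= p - 2:   # Ys in {0, 1, p-1} makes the shared secret trivial
        raise ValueError("dh_Ys out of range")
    return {"p": p, "g": g, "ys": ys, "params": params, "signature": signature}


def signed_hashes(client_random: bytes, server_random: bytes, params: bytes,
                  algorithm: str) -> bytes:
    """The bytes the Signature is computed over in TLS 1.0/1.1:
    rsa -> MD5 || SHA-1 (36 bytes, signed with PKCS#1 v1.5, no DigestInfo),
    dsa -> SHA-1 (20 bytes). The two randoms bind the params to this handshake."""
    data = client_random + server_random + params
    sha = hashlib.sha1(data).digest()
    if algorithm == "rsa":
        return hashlib.md5(data).digest() + sha
    if algorithm == "dsa":
        return sha
    raise ValueError("unknown SignatureAlgorithm")


def premaster_secrets(p: int, g: int, x: int, y: int):
    """Server (secret x) and client (secret y) each derive the premaster secret."""
    ys, yc = pow(g, x, p), pow(g, y, p)
    return pow(yc, x, p), pow(ys, y, p)


if __name__ == "__main__":
    # Constructed sample handshake values (not captured traffic).
    x, y = 123456789, 987654321
    client_random, server_random = b"\x01" * 32, b"\x02" * 32
    msg = build_server_key_exchange(DEMO_P, DEMO_G, x)
    parsed = parse_server_key_exchange(msg, anonymous=True, min_bits=64)
    print("dh_Ys =", hex(parsed["ys"]))
    print("to-be-signed (rsa):", signed_hashes(client_random, server_random, msg, "rsa").hex())
    print("premaster secrets agree:", premaster_secrets(DEMO_P, DEMO_G, x, y))
```

The parser keeps the raw params bytes rather than re-encoding the decoded integers, because any re-encoding difference (leading zero bytes, for instance) would change the hash and make a valid signature fail to verify; signature verification itself needs the public key from the server [Certificate] and is outside this example.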