!!! Overview
[{$pagename}] describes a Step within the [TLS Handshake] process.
%%information
[{$pagename}] has been removed in [TLS 1.3]
%%
In [TLS 1.0], the [ServerKeyExchange] message is sent after the server [Certificate] message if that certificate does not contain enough information for the client to exchange the [Premaster Secret], or after the server hello if anonymous [Key-Exchange] is in use.
More specifically, it is used for [anonymous] [Diffie-Hellman], [Diffie-Hellman Ephemeral] and Ephemeral RSA [Key-Exchange] methods.
The [{$pagename}] message is sent immediately after the [ServerCertificate] message, or after the [ServerHello] message if this is an anonymous negotiation.
The [{$pagename}] message is sent by the server only when the [ServerCertificate] message (if sent) does not contain enough data to allow the [user-agent] to exchange a premaster secret. This is true for the following key exchange methods:
* RSA_EXPORT (if the public key in the server certificate is longer than 512 bits)
* DHE_DSS
* DHE_DSS_EXPORT
* DHE_RSA
* DHE_RSA_EXPORT
* DH_anon
It is not legal to send the server key exchange message for the following key exchange methods:
* RSA
* [RSA_EXPORT] (when the public key in the server certificate is less than or equal to 512 bits in length)
* DH_DSS
* DH_RSA
The [{$pagename}] message conveys the cryptographic information the [user-agent] needs to communicate the [premaster Secret]: either a temporary RSA public key with which the client encrypts the [premaster Secret], or a Diffie-Hellman public value with which the client completes a key exchange whose result is the [premaster Secret], which it then uses in the [ClientKeyExchange] message.
As additional [Cipher Suites] are defined for TLS which include new [key-Exchange] algorithms, the [{$pagename}] message will be sent if and only if the certificate type associated with the key exchange algorithm does not provide enough information for the client to exchange a [premaster Secret].
The Structure of [{$pagename}] message:
%%prettify
{{{
enum { rsa, diffie_hellman } KeyExchangeAlgorithm;

struct {
    opaque rsa_modulus<1..2^16-1>;
    opaque rsa_exponent<1..2^16-1>;
} ServerRSAParams;

struct {
    opaque dh_p<1..2^16-1>;
    opaque dh_g<1..2^16-1>;
    opaque dh_Ys<1..2^16-1>;
} ServerDHParams; /* Ephemeral DH parameters */

struct {
    select (KeyExchangeAlgorithm) {
        case diffie_hellman:
            ServerDHParams params;
            Signature signed_params;
        case rsa:
            ServerRSAParams params;
            Signature signed_params;
    };
} ServerKeyExchange;

enum { anonymous, rsa, dsa } SignatureAlgorithm;

select (SignatureAlgorithm) {
    case anonymous: struct { };
    case rsa:
        digitally-signed struct {
            opaque md5_hash[16];
            opaque sha_hash[20];
        };
    case dsa:
        digitally-signed struct {
            opaque sha_hash[20];
        };
} Signature;
}}} /%
Where:
* rsa_modulus - The modulus of the server's temporary RSA key.
* rsa_exponent - The public exponent of the server's temporary RSA key.
* dh_p - The prime modulus used for the Diffie-Hellman operation.
* dh_g - The generator used for the Diffie-Hellman operation.
* dh_Ys - The server's Diffie-Hellman public value (g^X mod p).
* params - The server's key exchange parameters.
* signed_params - For non-anonymous key exchanges, a hash of the corresponding params value, with the signature appropriate to that hash applied.
* md5_hash - MD5(ClientHello.random + ServerHello.random + ServerParams);
* sha_hash - SHA(ClientHello.random + ServerHello.random + ServerParams);
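As an added example (not code from the original page or from any TLS implementation), the Python below encodes ServerDHParams as defined above, computes the md5_hash || sha_hash value that the rsa signature covers in [TLS 1.0], and parses a DHE [{$pagename}] body back into its fields. The group values and random bytes used are constructed toy values, not a real Diffie-Hellman group.

```python
import hashlib

def encode_opaque16(data: bytes) -> bytes:
    """Encode an opaque<1..2^16-1> vector: 2-byte big-endian length, then the bytes."""
    if not 1 <= len(data) <= 0xFFFF:
        raise ValueError("opaque<1..2^16-1> length out of range")
    return len(data).to_bytes(2, "big") + data

def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """ServerDHParams = dh_p || dh_g || dh_Ys, each a length-prefixed big-endian integer."""
    to_bytes = lambda n: n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"".join(encode_opaque16(to_bytes(n)) for n in (p, g, ys))

def signed_params_digest(client_random: bytes, server_random: bytes, server_params: bytes) -> bytes:
    """Value the RSA signature covers in TLS 1.0: md5_hash || sha_hash, both computed over
    ClientHello.random + ServerHello.random + ServerParams (the dsa case uses sha_hash only).
    Including both randoms binds the ephemeral parameters to this handshake, so a signed
    ServerKeyExchange captured from one session does not verify in another."""
    if len(client_random) != 32 or len(server_random) != 32:
        raise ValueError("TLS random values are 32 bytes")
    msg = client_random + server_random + server_params
    return hashlib.md5(msg).digest() + hashlib.sha1(msg).digest()

def parse_server_key_exchange_dh(body: bytes):
    """Split a DHE ServerKeyExchange body into (dh_p, dh_g, dh_Ys, params_bytes, signature).
    The signature is the opaque<0..2^16-1> a digitally-signed element encodes to
    (RFC 2246 section 4.7); the anonymous case carries no signature bytes at all."""
    vals, off = [], 0
    for _ in range(3):
        n = int.from_bytes(body[off:off + 2], "big")
        if n == 0 or off + 2 + n > len(body):
            raise ValueError("malformed or truncated ServerDHParams vector")
        vals.append(int.from_bytes(body[off + 2:off + 2 + n], "big"))
        off += 2 + n
    params = body[:off]
    if off == len(body):                      # DH_anon: no signed_params
        return (*vals, params, b"")
    slen = int.from_bytes(body[off:off + 2], "big")
    if off + 2 + slen != len(body):
        raise ValueError("malformed signature length")
    return (*vals, params, body[off + 2:])

if __name__ == "__main__":
    # Constructed toy values; a real group uses a large safe prime, not p = 23.
    params = encode_server_dh_params(23, 5, 8)
    digest = signed_params_digest(bytes(32), bytes(range(32)), params)
    print(params.hex(), digest.hex())
```

A client verifying signed_params recomputes this digest from its own ClientHello.random and the received ServerHello.random and params, then checks the signature against the key in the server [Certificate].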
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]