Cryptography Reference
In-Depth Information
CipherSuite
Key Exchange
Cipher
Hash
TLS DH DSS EXPORT WITH DES40 CBC SHA
DH DSS
DES40
SHA-1
DH DSS
DES
SHA-1
TLS DH DSS WITH DES CBC SHA
DH DSS
3DES EDE
SHA-1
TLS DH DSS WITH 3DES EDE CBC SHA
DH RSA
DES40
SHA-1
TLS DH RSA EXPORT WITH DES40 CBC SHA
DH RSA
DES
SHA-1
TLS DH RSA WITH DES CBC SHA
DH RSA
3DES EDE
SHA-1
TLS DH RSA WITH 3DES EDE CBC SHA
DHE DSS
DES40
SHA-1
TLS DHE DSS EXPORT WITH DES40 CBC SHA
TLS DHE DSS WITH DES CBC SHA
DHE DSS
DES
SHA-1
DHE DSS
3DES EDE
SHA-1
TLS DHE DSS WITH 3DES EDE CBC SHA
DHE RSA
DES40
SHA-1
TLS DHE RSA EXPORT WITH DES40 CBC SHA
TLS DHE RSA WITH DES CBC SHA
DHE RSA
DES
SHA-1
DHE RSA
3DES EDE
SHA-1
TLS DHE RSA WITH 3DES EDE CBC SHA
DH anon
RC4 40
MD5
TLS DH anon EXPORT WITH RC4 40 MD5
TLS DH anon WITH RC4 128 MD5
DH anon
RC4 128
MD5
DH anon
DES40
SHA-1
TLS DH anon EXPORT WITH DES40 CBC SHA
DH anon
DES
SHA-1
TLS DH anon WITH DES CBC SHA
TLS DH anon WITH 3DES EDE CBC SHA
DH anon
3DES EDE
SHA-1
Figure 12.8. Standard TLS cipher suites with Diffie-Hellman key agreement.
DES is used in three variants: a variant limited to 40-bit keys DES40, the regular
DES, and triple DES with three keys 3DES EDE. AES is used with two different key
lengths: 128 and 256 bits. RC2 40 is another block cipher with a key of 40 bits.
At the time SSL was developed, the US export restrictions were quite drastic since
it required that secret keys were computable by anyone within an effort comparable to
an exhaustive search on 40 bits. Corresponding cipher suites are identified by the word
“EXPORT” in their name. Actually the algorithms use a secret key which is derived
from a 40-bit key and the nonces which prevent dictionary attacks. Corresponding
cipher suites still exist because of compatibility reasons.
CipherSuite
Key Exchange
Cipher
Hash
RSA
AES 128
SHA-1
TLS RSA WITH AES 128 CBC SHA
DH DSS
AES 128
SHA-1
TLS DH DSS WITH AES 128 CBC SHA
DH RSA
AES 128
SHA-1
TLS DH RSA WITH AES 128 CBC SHA
DHE DSS
AES 128
SHA-1
TLS DHE DSS WITH AES 128 CBC SHA
DHE RSA
AES 128
SHA-1
TLS DHE RSA WITH AES 128 CBC SHA
DH anon
AES 128
SHA-1
TLS DH anon WITH AES 128 CBC SHA
RSA
AES 256
SHA-1
TLS RSA WITH AES 256 CBC SHA
DH DSS
AES 256
SHA-1
TLS DH DSS WITH AES 256 CBC SHA
DH RSA
AES 256
SHA-1
TLS DH RSA WITH AES 256 CBC SHA
DHE DSS
AES 256
SHA-1
TLS DHE DSS WITH AES 256 CBC SHA
DHE RSA
AES 256
SHA-1
TLS DHE RSA WITH AES 256 CBC SHA
DH anon
AES 256
SHA-1
TLS DH anon WITH AES 256 CBC SHA
Figure 12.9. Standard TLS cipher suites with AES.
 
Search WWH ::




Custom Search