Questions tagged [tls]

SSL (Secure Sockets Layer) and its successor TLS (Transport Layer Security) are protocols which provide communication security (privacy and integrity) for a bidirectional data channel.

SSL/TLS is usually used on top of a transport layer protocol like TCP, either below or integrated into an application layer protocol (like HTTP, POP3, FTP).

During connection startup a handshake occurs, in which the partners negotiate a cipher suite (a combination of key exchange, encryption, MAC algorithms and a pseudorandom function), then use the key exchange algorithm to create a shared secret. Depending on the cipher suite, this may include sending and validating a certificate containing a public key, and encrypting or signing some data using this key, thereby authenticating at least the server, and optionally also the client.

After the handshake everything which will be sent is encrypted and integrity-protected.

674 questions
153 votes, 1 answer

What are the differences between .pem, .csr, .key, .crt and other such file extensions?

I'm new to SSL / TLS, and I want to work with the OpenSSL toolkit. What do .pem and .csr stand for? I do know that .key is the private key and .crt is the public key.
Richard R. Matthews
98 votes, 2 answers

Why doesn't SSH use TLS?

Most cryptographically protected protocols use TLS these days. This applies to mail protocols, HTTP and many others. The newly designed QUIC has also adopted TLS as its cryptography layer. However, SSH is different: it has its own cryptography…
juhist
88 votes, 5 answers

How secure is AES-256?

The cipher AES-256 is used among other places in SSL/TLS across the Internet. It's considered among the top ciphers. In theory it's not crackable since the combinations of keys are massive. Although NSA has categorized this in Suite B, they have…
Gustav
64 votes, 5 answers

What's the appeal of using ChaCha20 instead of AES?

I read about ChaCha20 being used in TLS by Google, SSH, and towards standardization in general. What's the appeal of using something other than AES, what with AES receiving dedicated CPU instructions on various architectures to make it so efficient?
JDługosz
63 votes, 5 answers

Technical feasibility of decrypting https by replacing the computer's PRNG

Intel has an on-chip RdRand function which supposedly bypasses the normally used entropy pool for /dev/urandom and directly injects output. Now rumors are going on that Intel works together with the NSA... and knowing that PRNGs are important for…
52 votes, 7 answers

Google is using RC4, but isn't RC4 considered unsafe?

Why is Google using RC4 for their HTTPS/SSL? $ openssl s_client -connect www.google.com:443 | grep "Cipher is" New, TLSv1/SSLv3, Cipher is RC4-SHA Isn't RC4 unsafe to use?
Jonas Lejon
51 votes, 2 answers

Differences between the terms "pre-master secret", "master secret", "private key", and "shared secret"?

Both crypto.SE and security.SE have excellent Q&As about how TLS generates session keys (I have linked some at the bottom). In reading these threads I'm having troubles with terminology since the following terms seem to be used with overlapping…
Mike Ounsworth
46 votes, 3 answers

Is Triple DES still considered safe to use?

What it says on the tin. Is it still used in things like TLS?
Melab
44 votes, 5 answers

What is the SSL private key file format?

I was researching about how to encrypt with RSA. I understood everything but not the format of the private keys. In the phpseclib (RSA in PHP), you can import your private key (private.key format) and in the key file there is text like…
tor
41 votes, 2 answers

What's the difference between RSA and Diffie-Hellman?

I've been reading the same thing on a lot of websites: RSA is for communication using the public and private key for both the server and client, whereas Diffie-Hellman is just for exchanging the same secret key that will then be used for both…
user3407319
39 votes, 3 answers

Why was AES CBC removed in TLS 1.3?

I don't quite understand why AES CBC was removed in TLS1.3. From what I know CBC is the most secure Mode of operation for the AES block cipher (if you can say it like that). It only needs a TRND IV and has not been broken. If you pair it with a…
Richard R. Matthews
31 votes, 7 answers

How can SSL secure a two-way communication with only one key-pair?

As I understand it, SSL involved the use of a public-private key pair. How does this enable two-way communication? Suppose I have some server with which I wish to communicate securely. I connect to it, and it supplies me a certificate, which…
GWLlosa
28 votes, 3 answers

How can I use SSL/TLS with Perfect Forward Secrecy?

I'm new to the field of cryptography, but I want to make the web a better web by setting up the sites that I host with Perfect Forward Secrecy. I have a list of questions regarding the setup of Perfect Forward Secrecy. Here it goes: Can my choice…
Clay Freeman
27 votes, 2 answers

Why did TLS 1.3 prohibit PGP authentication?

There is a specification, in Informational(!) RFC 6091, for using PGP keys in TLS authentication, although I don’t think it has ever been implemented outside of GnuTLS (it’s certainly not in OpenSSL). Yet the TLS 1.3 RFC 8446 §4.4.2 goes as far as…
Alex Shpilkin
24 votes, 2 answers

What is the purpose of four different secrets shared by client and server in SSL/TLS?

I was looking through the working of SSL V3, and found that a connection state is defined by a set of things, including client write mac secret, server write mac secret, server write key, client write key. I couldn't find the use of these in the…
user5507