Some queries

Some queries

Jagannadha Bhattu
1. If we do not set SSL_OP_SINGLE_DH_USE, then the same public and
private keys are used for all connections? If so, how can this provide
security at all, as one client can decrypt another client's messages?

2. Is it required to seed the random number generator whenever we use
SSL? Or only in cases where it is explicitly asked for, such as in the
documentation of RSA_generate_key?

3. According to my understanding, the SSL private key and public key are
RSA keys, and for ephemeral keying we can use another set of RSA keys
or the key generated from DH params. Let me know if my
understanding is wrong. If this is the case, then in the supported
ciphers list that we get with the command "openssl ciphers -v 'ALL'",
I see 3 fields: key exchange (Kx), Authentication (Au) and Encryption
(Enc). What is the meaning of all these fields? At what phase of the SSL
protocol do all these things come into the picture, and how do they work?
Where can I get detailed documentation about all these?

Thanks
JB
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Re: Some queries

Vadym Fedyukovych
Jagannadha Bhattu wrote:
> 1. If we do not set SSL_OP_SINGLE_DH_USE, then the same public and
> private keys are used for all connections? If so, how can this provide
> security at all, as one client can decrypt another client's messages?

Different clients would get different common DH secret values.
That is, the client's public DH key to the power of the server's private key.

> 2. Is it required to seed the random number generator whenever we use
> SSL? Or only in cases where it is explicitly asked for, such as in the
> documentation of RSA_generate_key?

It's reasonable to seed whenever your application has
some hard-to-predict data.

> 3. According to my understanding, the SSL private key and public key are
> RSA keys, and for ephemeral keying we can use another set of RSA keys
> or the key generated from DH params. Let me know if my
> understanding is wrong. If this is the case, then in the supported

An ephemeral key is required if the SSL server key can only be used
for signing, say DSA. RSA can be used without ephemeral keys
because the SSL server can decrypt the client's secret with RSA.

> ciphers list that we get with the command "openssl ciphers -v 'ALL'",
> I see 3 fields: key exchange (Kx), Authentication (Au) and Encryption
> (Enc). What is the meaning of all these fields? At what phase of the SSL
> protocol do all these things come into the picture, and how do they work?
> Where can I get detailed documentation about all these?

The SSL/TLS 1 specifications could be something to start from.

>
> Thanks
> JB
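For the first question, the following is an added example and not part of the original thread or of OpenSSL's own code: a toy finite-field Diffie-Hellman run in Python that mimics what a server does with and without SSL_OP_SINGLE_DH_USE (with the option unset, OpenSSL releases before 1.1.0 reuse the temporary DH private key generated for the first connection; with it set, a fresh one is generated per handshake). The group (the safe prime 1019 with base 2), the exponents, and the class and function names are constructed for illustration only and are not a real TLS group.

```python
import secrets

# CONSTRUCTED toy group: 1019 is a safe prime (1019 = 2*509 + 1), so every
# base 1 < g < p-1 has order 509 or 1018, and distinct exponents below 509
# give distinct group elements. Real TLS uses 2048-bit groups; this one is
# for reading, not for use.
P = 1019
G = 2


def dh_public(priv):
    return pow(G, priv, P)


def dh_shared(peer_pub, priv):
    return pow(peer_pub, priv, P)


def random_exponent():
    return 1 + secrets.randbelow(P - 2)      # 1 .. P-2


class ToyServer:
    """Server side of the temporary-DH exchange (hypothetical helper).

    single_dh_use=False mimics OpenSSL < 1.1.0 with SSL_OP_SINGLE_DH_USE
    unset: the private exponent drawn for the first connection is reused
    for every later one. single_dh_use=True draws a fresh one each time.
    `draw` is injectable so fixed exponents can be used in a test.
    """

    def __init__(self, single_dh_use, draw=random_exponent):
        self.single_dh_use = single_dh_use
        self.draw = draw
        self.priv = None

    def handshake(self, client_pub):
        if self.priv is None or self.single_dh_use:
            self.priv = self.draw()
        return dh_public(self.priv), dh_shared(client_pub, self.priv)


def run_connections(single_dh_use, client_privs, server_draws):
    """One handshake per client; returns (server_pubs, shared_secrets)."""
    draws = iter(server_draws)
    server = ToyServer(single_dh_use, draw=lambda: next(draws))
    server_pubs, shared = [], []
    for a in client_privs:
        server_pub, server_side = server.handshake(dh_public(a))
        client_side = dh_shared(server_pub, a)
        if client_side != server_side:
            raise AssertionError("both sides must derive the same secret")
        server_pubs.append(server_pub)
        shared.append(client_side)
    return server_pubs, shared


def what_client_a_can_compute(a_priv, b_pub):
    """Client A sees g^b and g^s on the wire and knows a. The only DH value
    it can form is g^(ab), which is not B's secret g^(bs)."""
    return dh_shared(b_pub, a_priv)


if __name__ == "__main__":
    pubs, shared = run_connections(False, [101, 257], [373, 421])
    print("server DH key reused across connections:", pubs[0] == pubs[1])
    print("per-client shared secrets still differ:", shared[0] != shared[1])
```

As the reply says, reusing the server's temporary DH key does not let one client read another's session: each client's secret is the server's private exponent applied to that client's own public value. What reuse does cost is that one leaked server exponent decrypts every session it served, which is why OpenSSL 1.1.0 made the single-use behaviour unconditional and SSL_OP_SINGLE_DH_USE a no-op.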
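For the third question, an added example in Python (not from the thread and not OpenSSL code) that parses the `openssl ciphers -v` output format into its Kx/Au/Enc/Mac fields and classifies each suite by what the key-exchange and authentication fields imply. The sample lines are typed in here in the format OpenSSL prints and are not captured from the thread; the function names are this example's own.

```python
import re

# Constructed sample in the format `openssl ciphers -v` prints
# (name, protocol, Kx=, Au=, Enc=, Mac=); typed in for this example.
SAMPLE = """\
ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH     Au=RSA  Enc=AESGCM(128) Mac=AEAD
ECDHE-ECDSA-AES128-SHA  TLSv1 Kx=ECDH     Au=ECDSA Enc=AES(128)  Mac=SHA1
DHE-RSA-AES256-SHA      SSLv3 Kx=DH       Au=RSA  Enc=AES(256)  Mac=SHA1
AES128-SHA              SSLv3 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA1
ADH-AES128-SHA          SSLv3 Kx=DH       Au=None Enc=AES(128)  Mac=SHA1
"""

LINE = re.compile(
    r"^(?P<name>\S+)\s+(?P<proto>\S+)\s+"
    r"Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)\s+Enc=(?P<enc>\S+)\s+Mac=(?P<mac>\S+)"
)


def parse_ciphers(text):
    """Parse `openssl ciphers -v` output into one dict per suite.

    Kx  - how the premaster secret is agreed, i.e. the ServerKeyExchange /
          ClientKeyExchange messages: RSA means the client encrypts it to
          the server's RSA certificate key; DH / ECDH mean ephemeral
          Diffie-Hellman with a temporary server key.
    Au  - which certificate key authenticates the server: the Certificate
          message and, for DH / ECDH, the signature over ServerKeyExchange.
    Enc / Mac - record-layer protection of data after ChangeCipherSpec.
    """
    suites = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            suites.append(m.groupdict())
    return suites


def forward_secret(suite):
    """Kx=DH / Kx=ECDH are the ephemeral exchanges: a later compromise of
    the server's certificate key does not decrypt recorded sessions.
    With Kx=RSA the premaster secret was encrypted to that key, so it does.
    Old releases print static DH as Kx=DH/RSA or Kx=DH/DSS (and ECDH/RSA,
    ECDH/ECDSA); those are deliberately not matched here."""
    return suite["kx"] in ("DH", "ECDH")


def authenticated(suite):
    """Au=None (anonymous suites) means nobody signs the exchange, so an
    active attacker can sit in the middle even though the suite is
    forward secret."""
    return suite["au"] != "None"


def recommended(text):
    """Names of suites that are both forward secret and authenticated."""
    return [s["name"] for s in parse_ciphers(text)
            if forward_secret(s) and authenticated(s)]


if __name__ == "__main__":
    for s in parse_ciphers(SAMPLE):
        print(f'{s["name"]:28} Kx={s["kx"]:5} Au={s["au"]:6} '
              f'fs={forward_secret(s)} auth={authenticated(s)}')
```

Feeding it real output is a one-liner: `parse_ciphers(subprocess.check_output(["openssl", "ciphers", "-v", "ALL"], text=True))`. The classification is what a practitioner actually wants from the three fields: whether recorded traffic survives a later key compromise (Kx) and whether the peer was authenticated at all (Au).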