Cipher Suite Question

0 votes
257 views
I was trying to understand more about cipher suites.

ECDHE-ECDSA-AES256-SHA384

In this cipher, the pre-master secret is sent to the server by encrypting it with the server public key using the ECDHE algorithm.

The server authenticity is verified by the client by looking at the server certificate. The server public key must be generated with the ECDSA algorithm.

Am I right?

Krishna
asked Feb 29, 2016 in SSL Certificates by Krishna (180 points)
    

1 Answer

0 votes

Hello Krishna,

You are almost correct. It is the Server Private Key that would need to be generated with the ECDSA algorithm, as opposed to the commonly used RSA algorithm. That ECDSA Private Key could then be used to make a CSR, which in turn would be signed and made into the ECDSA Public Key.

This particular cipher suite, ECDHE-ECDSA-AES256-SHA384, would generally be used in a dual-key environment where clients could fall back to an RSA cipher if they did not yet have support for ECDSA. If you used only ECDSA you would likely restrict many clients from reaching your server, as the key algorithm is not widely used. However, it's faster and will be utilized more in the future.

answered Mar 11, 2016 by TomZ. (1,090 points)
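
Added example, not part of the original question or answer: a Python sketch that splits OpenSSL-style TLS 1.2 suite names such as ECDHE-ECDSA-AES256-SHA384 into their roles and models the dual-key fallback the answer describes. The function names, the client offer lists and the simplified selection rule (first offered suite whose authentication type matches a server certificate key) are assumptions for illustration; only ECDHE/DHE-prefixed names and unprefixed RSA names ending in a hash are handled.

```python
# Added example: decode OpenSSL-style TLS 1.2 cipher suite names and model
# certificate-type fallback. Simplified; not from the thread or any library.
AUTH_TYPES = {"ECDSA", "RSA", "DSS"}

def parse_suite(name):
    """Split a suite name into key exchange, authentication, cipher and hash."""
    parts = name.split("-")
    if parts[0] in ("ECDHE", "DHE"):
        if len(parts) < 4 or parts[1] not in AUTH_TYPES:
            raise ValueError(f"unsupported suite name: {name}")
        kx, auth, rest = parts[0], parts[1], parts[2:]
    else:
        # No prefix (e.g. AES256-SHA) means RSA key transport and RSA auth.
        if len(parts) < 2:
            raise ValueError(f"unsupported suite name: {name}")
        kx, auth, rest = "RSA", "RSA", parts
    return {
        "kx": kx,                      # how the shared secret is established
        "auth": auth,                  # key type the server certificate must carry
        "cipher": "-".join(rest[:-1]), # bulk encryption
        "hash": rest[-1],              # HMAC (CBC suites) / PRF hash
        # Ephemeral (EC)DH: both sides derive the secret; the certificate key
        # only signs the server's ephemeral parameters.
        "forward_secret": kx in ("ECDHE", "DHE"),
        # Only RSA key transport encrypts the pre-master secret to the cert key.
        "cert_key_encrypts_premaster": kx == "RSA",
    }

def select_suite(client_offer, server_cert_keys):
    """Return the first offered suite the server holds a matching key for."""
    for name in client_offer:
        if parse_suite(name)["auth"] in server_cert_keys:
            return name
    return None

# Constructed client offers for illustration.
MODERN_CLIENT = ["ECDHE-ECDSA-AES256-SHA384", "ECDHE-RSA-AES256-SHA384"]
LEGACY_CLIENT = ["ECDHE-RSA-AES256-SHA384", "AES256-SHA"]

if __name__ == "__main__":
    print(parse_suite("ECDHE-ECDSA-AES256-SHA384"))
    for keys in ({"ECDSA"}, {"ECDSA", "RSA"}):
        print(sorted(keys), select_suite(MODERN_CLIENT, keys),
              select_suite(LEGACY_CLIENT, keys))
```

An ECDSA-only server leaves the constructed legacy client with no usable suite, while a server holding both key types lets it fall back to an RSA-authenticated suite.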
