Tech specification of SSL

rebecca_88 · November 27, 2018, 8:40am

May i know the tech specification of SSL?

Public key

RSA (Yes)
ECDHE
ElGamal

Private Key

Triple-Des (Data Encryption standard)
Advance Encryption standard (AES)

Key Size

Public key / symmetric : 256 bits and above
Private key / Asymmetric: 1048 and above

Recommended secure Cipher Suite

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_RSA_WITH_AES_256_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA

mnordhoff · November 27, 2018, 9:11am

Do you have more specific context?

CAs in the web PKI are required by industry regulations to issue certificates using certain algorithms and minimum key sizes.

Most of your questions are matters of configuration and software support, and not related to the certificate or CA.

Osiris · November 27, 2018, 9:26am

Do you mean with regard to Let's Encrypt? Or SSL in general?

These are not private key algorithms. Public/private keys are always keypairs and therefore use the same algorithm. The algorithms you're listing here are symmetric ciphers.

This doesn't make sense. See above about public/private keypairs.

This isn't Let's Encrypt specific, but a webserver configuration. It depends on your choice of backwards compatibility. See: Security/Server Side TLS - MozillaWiki

JuergenAuer · November 27, 2018, 11:11am

Hi @rebecca_88

if you have a RSA public/private key pair, 2048 and 4096 are standard. If you have an EC key, 256 and 384 are the standard.

All TLS_RSA_WITH... are deprecated. Because they don't allow Forward Secrecy.

Using such a Key exchange means, that the client encrypts the master key with the public key, send it to the server, the server decrypts it with the private key.

If the complete (encrypted) traffic is saved and if the private key is compromised, the traffic can be decrypted. This isn't possible with TLS_DHE and TLS_ECDHE - Key-Exchange because no encrypted key is sent over the network.

system · December 27, 2018, 11:11am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Encryption Algorithm and key size Server	8	15060	May 10, 2017
128 bit Key Length? Issuance Tech	18	9598	December 4, 2015
Support for SHA384 and SHA512 Hashing Algorithms Issuance Tech	4	3653	January 8, 2023
Convert sha384 to sha256 Client dev	9	6223	April 2, 2017
How to generate 128 bit Lets encrypt certificate using Certbot Help	13	4910	September 10, 2018

Tech specification of SSL

Related topics