
As far as I know, this is the process of establishing a TLS connection between a client and a web server:

  1. Client sends a TLS request (using a packet called Client Hello) to the server.
  2. Server answers the request with a Server Hello and a Certificate.
  3. Client verifies the certificate using the public key of the certificate's signer CA, and if everything is okay with the certificate, the client extracts the server's public key from it.
  4. Client generates a random number as the symmetric cryptography key, encrypts this key with the server's public key, and sends it to the server.
  5. Server decrypts the received data using its private key and extracts that symmetric key.
  6. Client and server start an encrypted communication using that symmetric key.

The question is: what is the use of Diffie-Hellman in the above process?

If there is no use of Diffie-Hellman in the above process, then what is the meaning of the following lines in the Client Hello and Server Hello of a TLS connection:

Client Hello suggests some cipher suites: [image]

Server Hello selects TLS ECDHE RSA ...: [image]

Ebrahim Ghasemi
  • https://crypto.stackexchange.com/questions/12730/at-what-stage-is-dhe-and-rsa-used-during-the-ssl-tls-handshake – schroeder Apr 27 '17 at 06:48
  • What you describe does not involve Diffie-Hellman key exchange but is somewhat related to how RSA key exchange works (but does not describe it exactly). But your pictures show use of a (EC)DH cipher, i.e. use of Diffie-Hellman key exchange. Which means what you describe and what you show in the picture are two different things. – Steffen Ullrich Apr 27 '17 at 07:15
  • @SteffenUllrich Where can I find a good description for what happens in the pictures that I added to the question? – Ebrahim Ghasemi Apr 27 '17 at 08:40
  • @SteffenUllrich So, for TLS communication we have different ways of key exchange. One is RSA key exchange (that I described above) and one is Diffie Hellman, right? (Is there any other way?) – Ebrahim Ghasemi Apr 27 '17 at 08:42
  • @Abraham: I recommend to have a closer look at [How does SSL/TLS work?](https://security.stackexchange.com/questions/20803/how-does-ssl-tls-work). The answers there are very detailed and should hopefully answer your question. – Steffen Ullrich Apr 27 '17 at 10:03
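
The two key-exchange styles contrasted in the comments, as an added example that is not part of the original question or comments: in RSA key exchange the server's RSA key decrypts the client's secret, while in a DHE_RSA-style suite the RSA key only signs the server's ephemeral Diffie-Hellman value. It assumes toy-sized constructed parameters, finite-field Diffie-Hellman in place of the elliptic-curve variant, a simplified signature input, and hypothetical function names.

```python
import hashlib
import secrets

# Toy parameters constructed for this example; far too small for real use.
P, G = 2**127 - 1, 3                        # DH prime modulus and base
RSA_P, RSA_Q, E = 2**61 - 1, 2**89 - 1, 65537
N = RSA_P * RSA_Q                           # server's RSA public modulus
D = pow(E, -1, (RSA_P - 1) * (RSA_Q - 1))   # server's long-term RSA private key

def _digest(data: bytes) -> int:
    # Hash reduced modulo N (simplification; real TLS uses padded signatures).
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % N

def rsa_sign(data: bytes) -> int:
    return pow(_digest(data), D, N)

def rsa_verify(data: bytes, sig: int) -> bool:
    return pow(sig, E, N) == _digest(data)

def rsa_key_exchange():
    """RSA key exchange (steps 4-5 of the question): RSA encrypts the secret."""
    premaster = secrets.randbelow(N - 2) + 2   # chosen by the client alone
    wire = pow(premaster, E, N)                # sent encrypted to the server
    return premaster, pow(wire, D, N)          # server decrypts with D

def dhe_rsa_key_exchange(tamper: bool = False):
    """DHE_RSA: DH produces the secret; RSA only signs the server's DH value."""
    nonces = secrets.token_bytes(32) + secrets.token_bytes(32)  # hello randoms
    b = secrets.randbelow(P - 3) + 2           # server's ephemeral DH private
    B = pow(G, b, P)                           # server's DH public value
    sig = rsa_sign(nonces + B.to_bytes(16, "big"))
    if tamper:                                 # value altered in transit
        B = (B + 1) % P
    if not rsa_verify(nonces + B.to_bytes(16, "big"), sig):
        raise ValueError("signature over server DH parameters is invalid")
    a = secrets.randbelow(P - 3) + 2           # client's ephemeral DH private
    A = pow(G, a, P)                           # sent in the clear to the server
    return pow(B, a, P), pow(A, b, P)          # (client secret, server secret)

if __name__ == "__main__":
    print(rsa_key_exchange())
    print(dhe_rsa_key_exchange())
```
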
