1

My confusion stems from reading that TLS handshake uses some kind of Diffie-Hellman, when I was certain that the symmetric key was generated by a digest of earlier packets encrypted with clients public key and safely decrypted with servers PK.

This does not strike me at all as Diffie-hellman? Can somebody walk me through the correct process and explain why it is/is not DH?

Bruno Rohée
  • 5,221
  • 28
  • 39
  • 1
    What you are looking for are TLS key exchange, or key agreements. The exact algorithms used depend on the configuration, e.g. if ECDH or DH is used. [Wikipedia](https://en.wikipedia.org/wiki/Transport_Layer_Security#Key_exchange_or_key_agreement) has a good brief summary. –  Jun 06 '19 at 09:13

1 Answers1

2

My confusion stems from reading that TLS handshake uses some kind of Diffie-Hellman, when I was certain that the symmetric key was generated by a digest of earlier packets encrypted with clients public key and safely decrypted with servers PK.

The key exchange is used to generate the symmetric key (or at least the pre-master secret which the keys are derived from). There are two major types of key exchanges: Diffie-Hellman and RSA key exchange. What you refer to in the first part is Diffie-Hellman, what you refer to in the second seems to refer to RSA key exchange, although with many details wrong. RSA key exchange is considered obsolete and is no longer supported by TLS 1.3.

Bruno Rohée
  • 5,221
  • 28
  • 39
Steffen Ullrich
  • 184,332
  • 29
  • 363
  • 424
  • Thanks a ton, after some searching I discovered cipher-suites. I had previously been shown the RSA version. Would you mind pointing out the details I got wrong about it? – Jonas Grønbek Jun 06 '19 at 11:10
  • 1
    @JonasGrønbek: In RSA key exchange the clients creates the pre master secret, encrypts it with the servers public key and the server can decrypt it with its private key. You description is different from this in many important aspects. – Steffen Ullrich Jun 06 '19 at 14:26
  • Thanks a ton Steffen! – Jonas Grønbek Jun 06 '19 at 15:41