1

I generated my self signed certificate using openssl and I chose ECC keys (prime 256v1) for root certificate but while authenticating with the server i.e. IBM cloud and my device the negotiated cipher suite was TLS-ECDHE-RSA-WITH-AES-128-GCM-SHA256 so now I'm confused because I've generated ECC keys but RSA has been used in cipher suites what I thought was it will be TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256 .

So is there any interdependency between cipher suite and certificate used for authentication or they are both independently working without any relation?

wanglen soram
  • 41
  • 1
  • Did you 'generate my ... cert' for the _client_ or the _server_? The _server_ cert matches the ciphersuite in protocols through TLS1.2 (but no longer in 1.3); the _client_ cert does not. – dave_thompson_085 Mar 02 '21 at 04:23
  • Im generating client certificate as well as root certificate. Root certificate I added to the cloud IBM – wanglen soram Mar 02 '21 at 07:38
  • Then, as I said: client cert and ciphersuite aren't matched. More specifically, the client cert can use any of the algorithms specified by the server in the CertRequest message, regardless of the ciphersuite. – dave_thompson_085 Mar 03 '21 at 08:39

0 Answers0