I have been learning about the SSL/TLS protocol (from https://www.rfc-editor.org/rfc/rfc5246) and have a few conceptual questions about the protocol.
- The client and server exchange "hello" messages during which they choose the SSL/TLS version and the cipher suites. More specifically, the client suggests a list of cipher suites and the server picks one (If the server does not pick anything, the handshake fails). Now, does the server choose the cipher suite corresponding to the ones used in the certificate?
For example, running `openssl x509 -in <server_cert>.pem -text -noout` gives you information about the server certificate. On a sample certificate, I see that the public key algorithm is rsaEncryption (2048 bit) and the signature algorithm is sha256WithRSAEncryption. Doesn't this already predetermine part of the cipher suite used in the handshake?
- Let us suppose that the server and client agree upon a cipher suite. Now, I also see that clients can present a certificate later in the handshake. Does that mean that the ciphers on the client certificate must be compatible with the cipher suite chosen?
(Similar question, but does not answer what I want: Picking cipher suites for HTTPS)