I created a self signed certificate on my Fedora CLI server using the openssl command
openssl req -x509 -sha256 -newkey rsa:2048 -nodes -keyout key.pem -out cert.pem -days 100
From my understanding, this is how TLS works:
- Client sends cipher suite preferences to server
- Server chooses cipher suite, and also sends certificate and (rsa) public key to client
- client generates a Premaster key (mostly random bits). Encrypts it with the given public key, and sends it to the server.
- The client and server both independently generate the master key and then the session key. The session key being the symmetric key that provides a "secure channel".
Question 1. How do I find out the symmetric encryption algorithm used for the session key?
Question 2. What relation does this openssl command have with the openssl ciphers
command?
Question 3. Does TLS implicity use Diffie Hellman? Am I using Diffie Hellman?
Question 4. I saw an internet post that recommended disabling some ciphers. How can I do this?
Any help would be much appreciated, thanks
EDIT
Question 5. So if my application (say, Apache HTTP Server) is using both TLS and that x509 certificate, and the client is using a https requests to connect to that server, then would the agreed upon cipher suite look something like this: TLS_RSA_WITH_NULL_SHA ? (I've just placed those elements in from my command)