The SSL protocol supports a variety of cryptographic algorithms, or ciphers,
for operations such as authenticating the server and client to each other,
transmitting certificates, and establishing session keys.
Key Exchange Method: defines how the shared secret symmetric key used for
application data transfer is agreed upon by client and server (e.g., RSA key
exchange with certificates, Diffie-Hellman key exchange without certificates).
The choice of key exchange method determines whether digital signatures are
used and, if so, what kind of signatures.
Cipher for Data Transfer: determines how the messages in a session will be
encrypted. There are 9 choices:
1) DES. Data Encryption Standard, an encryption algorithm used by the U.S. Government.
2) DSA. Digital Signature Algorithm, part of the digital authentication standard used by the U.S. Government.
3) KEA. Key Exchange Algorithm, an algorithm used for key exchange by the U.S. Government.
4) IDEA. International Data Encryption Algorithm.
5) MD5. Message Digest algorithm developed by Rivest.
6) SHA-1. Secure Hash Algorithm, a hash function used by the U.S. Government.
The latest version of SSL (SSL 3.0) supports all of these ciphers.
For key exchange, the most commonly used SSL cipher suites rely on RSA key exchange.
SSL 2.0 and SSL 3.0 support overlapping sets of cipher suites, and each cipher
can be enabled or disabled individually.
Decisions about which cipher suites a particular organization decides
to enable depend on trade-offs among the sensitivity of the data involved,
the speed of the cipher, and the applicability of export rules.
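The trade-off described above is easier to make when each enabled suite is broken into the three components the text names (key exchange method, cipher for data transfer, hash). The following is an added example, not code from the original page: it parses SSL 3.0 / TLS suite names of the form <KX>_WITH_<CIPHER>_<HASH> and flags the suites an administrator would normally disable (export-grade, single DES, 40-bit keys, NULL cipher, anonymous key exchange, MD5 MAC). The weakness rules are this example's own policy, and the sample suite list is constructed.

```python
import re
from dataclasses import dataclass, field

# SSL 3.0 / TLS suite names read <KX>_WITH_<CIPHER>_<HASH>, e.g. SSL_RSA_WITH_DES_CBC_SHA.
SUITE_RE = re.compile(
    r"^(?:SSL|TLS)_(?P<kx>\w+?)_WITH_(?P<cipher>\w+)_(?P<hash>MD5|SHA|SHA256|SHA384)$"
)

@dataclass
class SuiteInfo:
    name: str
    key_exchange: str          # e.g. RSA, RSA_EXPORT, DHE_DSS, DH_anon
    cipher: str                # e.g. DES_CBC, 3DES_EDE_CBC, RC4_128, IDEA_CBC, NULL
    mac_hash: str              # e.g. MD5, SHA
    issues: list = field(default_factory=list)

def parse_suite(name: str) -> SuiteInfo:
    """Split a suite name into its three components and record weaknesses (example policy)."""
    m = SUITE_RE.match(name)
    if not m:
        raise ValueError(f"unrecognised cipher suite name: {name}")
    info = SuiteInfo(name, m["kx"], m["cipher"], m["hash"])
    if "EXPORT" in info.key_exchange:
        info.issues.append("export-grade key exchange")
    if "anon" in info.key_exchange:          # DH without certificates: no server authentication
        info.issues.append("anonymous key exchange: no server authentication")
    if info.cipher == "NULL":
        info.issues.append("no encryption of application data")
    elif info.cipher.startswith(("DES_", "DES40")):   # single DES; 3DES_EDE_CBC is not matched
        info.issues.append("single DES (56-bit key or shorter)")
    if info.cipher.endswith("_40") or "_40_" in info.cipher:
        info.issues.append("40-bit cipher key")
    if info.mac_hash == "MD5":
        info.issues.append("MD5-based MAC")
    return info

def audit(suites):
    """Return {suite_name: [issues]}; an empty list means nothing to disable."""
    return {s: parse_suite(s).issues for s in suites}

# Constructed sample: the suites a server might have enabled.
SAMPLE_SUITES = [
    "SSL_RSA_WITH_3DES_EDE_CBC_SHA", "SSL_RSA_WITH_DES_CBC_SHA",
    "SSL_RSA_EXPORT_WITH_RC4_40_MD5", "SSL_DH_anon_WITH_RC4_128_MD5",
    "SSL_RSA_WITH_NULL_SHA", "SSL_RSA_WITH_IDEA_CBC_SHA",
]

if __name__ == "__main__":
    for suite, issues in audit(SAMPLE_SUITES).items():
        print(f"{suite}: {'; '.join(issues) or 'acceptable'}")
```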