- From: Ned Smith <nsmith@ibeam.jf.intel.com>
- Date: Thu, 30 Jan 1997 11:32:37 +0000
- To: ietf-tls@www10.w3.org
What is the correct way to interpret handling of the NULL ciphersuite for
key exchange?
The TLS spec (excerpts provided below) appears to be vague in its
description of how key exchange handling is done if the NULL ciphersuite is
negotiated. I don't recall seeing any statement indicating it is illegal to
negotiate a NULL ciphersuite. My assumption is the NULL ciphersuite could
be negotiated anytime it is legal to negotiate any other ciphersuite (its
regular).
The spec identifies the ServerKeyExchange and ServerCertificate messages
as being optional but section 6.4.3 does not indicate which message (if
any) should be sent for NULL ciphersuite. Is it an empty KeyExchange
message or just no message (key exchange or certificate)?
Section 6.4.7 mandates the return of the ClientKeyExchange message but does
not describe the format of the message if the negotiated ciphersuite was
NULL. There is an agrement for making the ClientKeyExchange message
optional if the NULL ciphersuite was negotiated. Alternatively, the key
exchange message could contain nothing as is the case for DH_RSA and DH_DSS
key exchange methods.
Thank You,
Ned Smith
nsmith@ibeam.intel.com
-----------------------------------------------------------------------
6.4.3 Server key exchange message
When this message will be sent:
This message will be sent after the server certificate message (or
the server hello message, if the server certificate is not sent),
but before the server hello done message. The server key exchange
message may be sent before or after this message.
The server key exchange message is sent by the server only when the
server certificate message (if sent) does not contain enough data to
allow the client to exchange a premaster secret. This is true for
the following key exchange methods:
RSA_EXPORT (if the public key in the server certificate is
longer than 512 bits)
DHE_DSS
DHE_DSS_EXPORT
DHE_RSA
DHE_RSA_EXPORT
DH_anon
It is not legal to send the server key exchange message for the
following key exchange methods:
RSA
RSA_EXPORT (when the public key in the server certificate
is less than or equal to 512 bits in length)
DH_DSS
DH_RSA
6.4.7 Client key exchange message
When this message will be sent:
This message is always sent by the client. It will immediately
follow the client certificate message, if it is sent, or the
no_certificate alert, if a certificate was requested but an
appropriate one was not available. Otherwise it will be the first
message sent by the client after it receives the server hello done
message.
Meaning of this message:
With this message, the premaster secret is set, either though direct
transmisson of the RSA-encrypted secret, or by the transmission of
Diffie-Hellman parameters which will allow each side to agree upon
the same premaster secret. When the key exchange method is DH_RSA or
DH_DSS, client certification has been requested, and the client was
able to respond with a certificate which contained a Diffie-Hellman
public key whose parameters (group and generator) matched those
specified by the server in its certificate, this message will not
contain any data.
Received on Thursday, 30 January 1997 14:33:58 UTC