Which symmetric key algorithm does SSL use?

ssl cryptography rsa public-key-encryption encryption-symmetric
xyz picture xyz · May 22, 2011 · Viewed 23.6k times · Source

I understand that through SSL, the browser gets the public key of the secured website and through public key encryption rsa algorithm, these 2 establish session key and then continue communication thru some symmetric algorithm, because symmetric key encryption/decryption is faster. Which symmetric key algorithm does SSL use? DES? AES? or something else?

Answer

Eugene Mayevski 'Callback picture Eugene Mayevski 'Callback · May 22, 2011

When the client connects to the server, it negotiates a so-called ciphersuite (combination of encryption, key exchange, authentication algorithms) to use. Each SSL client or server has a list of allowed ciphersuites and during handshake the client and the server negotiate on what ciphersuite to use. It can happen sometimes, that there's no common denominator (ciphersuites sets don't intersect) and connection can't be established.

Symmetric algorithms supported in SSL are DES, 3DES, ARCFOUR, AES, Camellia, RC2, IDEA, SEED, NULL (no encryption).

Related questions

What RSA key length should I use for my SSL certificates?

I'm in the process of creating a CSR, and I wonder which is arguably the best length for my RSA key. Of course, 384 is probably too weak, and 16384 is probably too slow. Is there a consensus on the key length …

Read More
Why does SSL handshake give 'Could not generate DH keypair' exception?

When I make an SSL connection with some IRC servers (but not others - presumably due to the server's preferred encryption method) I get the following exception: Caused by: java.lang.RuntimeException: Could not generate DH keypair at com.sun.…

Read More
how to get private key from PEM file?

i have a .PEM file that includes public key and a private key for SSL data transfer like this: -----BEGIN RSA PRIVATE KEY----- private key data -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- public key data -----END CERTIFICATE----- when i want …

Read More