Forum Discussion

IRONMAN
May 17, 2017

TLS 1.2 vs TLS 1.3

I am changing most of the VIP cipher suites to support TLS 1.3. When I checked, I am seeing there is enhanced security and good speed in TLS 1.3.

 

I am confused by the SSL handshake in TLS 1.3, where the client sends a key share and the server sends a key share with encryption. How is it secured?

 

  • Also, please explain the below three cipher suites.

     

    DEFAULT:!SSLv2:!EXPORT40:!EXP:!LOW:!SSLv3:!RC4-SHA:AES128-SHA:AES256-SHA:!DES-CBC3-SHA

     

    ALL:!ADH:!EXPORT:!eNULL:!MD5:!DES:!SSLv2:-TLSv1:-SSLv3:!RC4-SHA

     

    ALL:!ADH:!SSLv2:!EXPORT40:!EXP:!LOW

     

    I am not seeing any key exchange algorithm?

     

    Also, what is meant by -TLSv1: ?

     

  • The syntax ! means negate and - means support.

     

    So anything that is preceded by ! means not to include in CIPHERS.

     

    And anything that is preceded by - means to include in CIPHERS.

     

  • Hi Jai,

     

    Can you please clarify the below query?

     

    I am not seeing any key exchange algorithm in the above suites?

     

    and

     

    I am confused by the SSL handshake in TLS 1.3, where the client sends a key share and the server sends a key share with encryption. How is it secured? In TLS 1.2 the SSL handshake happens by the asymmetric method!

     

  • Anesh

    In TLS 1.3 the key share is sent by the client in the ClientHello, which reduces RTT compared to TLS 1.2, which is what makes TLS 1.3 much faster across the wire than TLS 1.2. And I am not sure what your point about security is regarding the key share, since in TLS 1.2 the key share is also sent by the client, the difference being that it is sent only after the ServerHello is received.