
Question

I'm a little confused about something I am reading in Bulletproof SSL.

"TLS 1.2 is the only protocol that allows suites to define their PRFs. This means that for the suites defined before TLS 1.2 the negotiated protocol version dictates the PRF. For example, the TLS_RSA_WITH_AES_128_CBC_SHA suite uses a PRF based on HMAC-SHA256 when negotiated with TLS 1.2 but a PRF based on an HMAC-MD5/HMAC-SHA combination when used with TLS 1.0. On the other hand, SHA384 GCM suites (which can be used only with TLS 1.2 and newer) will always use HMAC-SHA384 for the PRF."

The cipher in the example above is listed as a TLSv1.0 cipher on the OpenSSL page. However, it says here that it can be negotiated as TLSv1.2? What am I missing? (Obviously a lot, I know, but be gentle. :)) I was under the impression that 1.0 ciphers could only be negotiated as 1.0.

How are TLSv1.0 ciphers negotiated as TLSv1.2?

Explanation / Answer

No, new versions of TLS have not removed cipher suites defined in older versions.[1] Which version of TLS you use and which cipher suite you use are two linked but separate matters (you can't always use a new cipher suite in an old TLS version). OpenSSL is just listing which version the cipher suites were first added in.

The PRF is mostly used for key derivation (and verifying the handshake hasn't been tampered with). TLS 1.0 and 1.1 said, "we do this thing with MD5 and SHA-1". TLS 1.2 went and changed it to, "Yeah, so, now it depends on the negotiated cipher suite. All the old cipher suites will now use SHA-256, btw.". (Edit: I'm 99% certain that's correct. The old cipher suites may use either MD5 or SHA-1 instead. The RFC confuses me.)

[1] The agenda for TLS 1.3 includes removing all sorts of old, obsolete nonsense, including many yucky cipher suites. Also, I'm being careful with my language when I say "TLS". I'm ignoring SSL. SSL 3.0 probably removed stuff, and I don't know if TLS 1.0 did.
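The point the answer makes, that the same cipher suite yields different keying material depending on the negotiated version because the version (not the suite) picks the PRF for pre-1.2 suites, is easiest to see by running both PRFs on identical inputs. The following is an added example, not code from the question, the answer, Bulletproof SSL or OpenSSL. It implements P_hash and the two PRFs as written in section 5 of RFC 2246 (TLS 1.0) and RFC 5246 (TLS 1.2) with the standard library, derives the 48-byte master secret for TLS_RSA_WITH_AES_128_CBC_SHA under TLS 1.0 and under TLS 1.2, and shows that the outputs differ. The SUITE_PRF_HASH table, the master_secret helper and all random-looking inputs are constructed for the illustration and are not from any real handshake.

```python
"""Added example: TLS PRF per RFC 2246 (TLS 1.0/1.1) and RFC 5246 (TLS 1.2).
Standard library only; every input value below is constructed, not captured."""
import hmac


def p_hash(hash_name, secret, seed, length):
    """P_<hash>(secret, seed): HMAC expansion to `length` bytes.

    A(0) = seed, A(i) = HMAC_hash(secret, A(i-1))
    output = HMAC_hash(secret, A(1) + seed) | HMAC_hash(secret, A(2) + seed) | ...
    """
    out = bytearray()
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return bytes(out[:length])


def prf_tls10(secret, label, seed, length):
    """TLS 1.0/1.1 PRF (RFC 2246 section 5).

    The secret is split into two halves that share the middle byte when its
    length is odd; the first half drives P_MD5, the second P_SHA1, and the two
    streams are XORed. The hash does not depend on the cipher suite at all.
    """
    half = (len(secret) + 1) // 2
    s1 = secret[:half]
    s2 = secret[len(secret) - half:]
    md5_stream = p_hash("md5", s1, label + seed, length)
    sha1_stream = p_hash("sha1", s2, label + seed, length)
    return bytes(x ^ y for x, y in zip(md5_stream, sha1_stream))


def prf_tls12(secret, label, seed, length, hash_name="sha256"):
    """TLS 1.2 PRF (RFC 5246 section 5): a single P_<hash>.

    Suites defined before TLS 1.2 (and all suites in RFC 5246 itself) use
    SHA-256; newer suites may name a stronger hash, e.g. the SHA384 GCM suites
    of RFC 5289 use SHA-384.
    """
    return p_hash(hash_name, secret, label + seed, length)


# Constructed lookup table (illustrative, not a complete registry): the TLS 1.2
# PRF hash each suite names. TLS_RSA_WITH_AES_128_CBC_SHA predates TLS 1.2, so
# under TLS 1.2 it gets the protocol default, SHA-256.
SUITE_PRF_HASH = {
    "TLS_RSA_WITH_AES_128_CBC_SHA": "sha256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384": "sha384",
}


def master_secret(version, suite, pre_master_secret, client_random, server_random):
    """Derive the 48-byte master secret the way the negotiated version dictates.

    `version` is the record-layer (major, minor) pair: (3, 1) TLS 1.0,
    (3, 2) TLS 1.1, (3, 3) TLS 1.2. Hypothetical helper for this example.
    """
    seed = client_random + server_random
    if version in ((3, 1), (3, 2)):
        return prf_tls10(pre_master_secret, b"master secret", seed, 48)
    if version == (3, 3):
        hash_name = SUITE_PRF_HASH.get(suite, "sha256")
        return prf_tls12(pre_master_secret, b"master secret", seed, 48, hash_name)
    raise ValueError("unsupported protocol version %r" % (version,))


# Constructed inputs: a 48-byte RSA pre_master_secret and two 32-byte randoms.
PMS = bytes(range(48))
CLIENT_RANDOM = b"\x11" * 32
SERVER_RANDOM = b"\x22" * 32


def demo():
    """Same suite, same inputs; only the negotiated version differs."""
    suite = "TLS_RSA_WITH_AES_128_CBC_SHA"
    ms10 = master_secret((3, 1), suite, PMS, CLIENT_RANDOM, SERVER_RANDOM)
    ms12 = master_secret((3, 3), suite, PMS, CLIENT_RANDOM, SERVER_RANDOM)
    return ms10, ms12


if __name__ == "__main__":
    ms10, ms12 = demo()
    print("TLS 1.0 master secret:", ms10.hex())
    print("TLS 1.2 master secret:", ms12.hex())
    print("identical:", ms10 == ms12)
```

Running it prints two different 48-byte master secrets for the same suite and the same handshake inputs, which is exactly why an implementation has to key the PRF choice on the negotiated version first and on the suite second. The same PRF also produces the key block and the Finished verify_data, so a version/PRF mismatch between peers shows up as a Finished verification failure rather than a negotiation error.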
