rafaelbn_176840
Apr 24, 2019

SSL/TLS Ciphers and PFS

Hello devs!

I'm trying to wrap my head around all things crypto and thus I have some questions for you guys:

My understanding is that most TLS1.2 cipher suites use Diffie-Hellman or RSA for the key exchange, and so the certificate/key that you configure under the client-ssl profile has nothing to do with the key exchange itself. Correct?

Which key exchange protocol uses the certificate/key under the client-ssl profile to cipher the secret and does not have FS?

I found K16700, which has an iRule that takes note of sessionids+master-keys. Is it correct to assume that with this iRule, I can capture most modern TLS1.1 and TLS1.2 cipher suites and decrypt client traffic? I ask this because since I first read about PFS I was very worried that I would never be able to capture and see what was going on at L7, but to me, it seems that if you capture session-id+master-key you can pretty much decrypt those PFS ciphers, meaning PFS means that if you don't capture session-id+master-key you're in trouble because the client-ssl private-key won't help.

Thanks!

  • Hello rafaelbn

    PFS depends on the Key Exchange (Kx), which is part of the cipher suite:

     openssl ciphers -v
    ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH  Au=RSA  Enc=AESGCM(256)  Mac=AEAD
    

    A good explanation of the cipher suite here -> https://www.youtube.com/watch?v=ZM3tXhPV8v0

    The term 'ephemeral' refers to protocols which implement PFS:

    • ECDHE - Elliptic-curve Diffie-Hellman Ephemeral
    • DHE - Diffie-Hellman Ephemeral

    ECDH, DH, RSA do not have PFS.

    The TMM uses its own set of cipher suites:

     tmm --clientciphers NATIVE

    You can customize your clientssl profile to use any specific set of cipher suites.

    More info here -> https://support.f5.com/csp/article/K17370

    Regarding decrypting, to decrypt a PFS Key Exchange you should have the random number of the exchange and the private key. In the case of RSA, you only need the private key.

    KR, Dario.
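
The Kx column discussed in the answer can be checked mechanically. The following is an added example, not part of either post or of F5's documentation: it parses text in the layout of `openssl ciphers -v` and reports which suites are forward secret and which can be decrypted later with the profile's private key alone. The sample listing and the function names are constructed for illustration.

```python
import re

# Constructed sample in the layout of `openssl ciphers -v`. The first row is the
# one quoted in the answer; the static-ECDH row uses the older OpenSSL 1.0.x labels.
SAMPLE = """\
ECDHE-RSA-AES256-GCM-SHA384  TLSv1.2  Kx=ECDH      Au=RSA   Enc=AESGCM(256)  Mac=AEAD
DHE-RSA-AES128-GCM-SHA256    TLSv1.2  Kx=DH        Au=RSA   Enc=AESGCM(128)  Mac=AEAD
AES256-GCM-SHA384            TLSv1.2  Kx=RSA       Au=RSA   Enc=AESGCM(256)  Mac=AEAD
ECDH-RSA-AES128-SHA          SSLv3    Kx=ECDH/RSA  Au=ECDH  Enc=AES(128)     Mac=SHA1
TLS_AES_256_GCM_SHA384       TLSv1.3  Kx=any       Au=any   Enc=AESGCM(256)  Mac=AEAD
"""

ROW = re.compile(r"^(?P<suite>\S+)\s+(?P<proto>\S+)\s+Kx=(?P<kx>\S+)\s+Au=(?P<au>\S+)")


def forward_secret(kx):
    """Return True, False, or None when the suite alone does not decide it."""
    if kx in ("ECDH", "DH"):
        # openssl prints ECDHE/DHE suites as Kx=ECDH / Kx=DH (see the row above).
        return True
    if kx == "RSA" or "/" in kx:
        # RSA key transport, or static DH/ECDH such as Kx=ECDH/RSA.
        return False
    return None  # e.g. TLS 1.3 "Kx=any": key exchange is negotiated separately


def audit(listing):
    """Return [(suite, kx, forward_secret)] for every parsable row."""
    report = []
    for line in listing.splitlines():
        m = ROW.match(line.strip())
        if m is None:
            continue  # skip headers, blank lines, anything not in the layout
        report.append((m["suite"], m["kx"], forward_secret(m["kx"])))
    return report


def key_only_decryptable(listing):
    """Suites whose captures can be decrypted later with the private key alone."""
    return [suite for suite, _, fs in audit(listing) if fs is False]


if __name__ == "__main__":
    labels = {True: "PFS", False: "no PFS", None: "undetermined"}
    for suite, kx, fs in audit(SAMPLE):
        print(f"{suite:30} Kx={kx:10} {labels[fs]}")
```

Suites reported as "PFS" are the ones for which per-session secrets have to be recorded at handshake time if the traffic is to be decrypted later.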