0

I want to create a TLS Socket connection. I know TLS has a few ways to exchange the key eg. RSA, Diffie-Hellman, etc. How can I force the use of Diffie-Hellman key exchange instead of other forms of key exchange?

I know that if using Diffie-Hellman key exchange, it is vulnerable to man-in-middle attack. When using RSA, we have server authentication which prevents MITM. But one concern I have is that using RSA prohibits the forward secrecy.

What should I do?

Christopher Schultz
  • 20,221
  • 9
  • 60
  • 77
user236501
  • 8,538
  • 24
  • 85
  • 119
  • Look at this: http://stackoverflow.com/questions/12846017/java-ssl-tls-with-anonymous-diffie-hellman – Victor Ronin Feb 07 '13 at 18:04
  • What you "know" is false. Ephemeral Diffie-Hellman cipher suites *can* authenticate the server, preventing MITM attacks, while offering forward secrecy. – erickson Feb 07 '13 at 20:00

1 Answers1

3

Specifying the key exchange method is done by choosing a cipher suite that supports that key exchange method.

You can the cipher suite on an SSLSocket (or SSLEngine) using setEnabledCipherSuites.

The tables of supported cipher suites and those enabled by default with the Oracle JRE are available in the SunJSSE provider documentation.

The anonymous cipher suites (_DH_anon_) are the ones that are vulnerable to MITM attacks.

The _DH_RSA_ or _DH_DSA_ cipher suites also use RSA or DSA for the authentication of the DH key exchange (not for the key exchange itself), to prevent MITM attacks. In addition, the Ephemeral DH cipher suites (those that contain _DHE_, or _ECDHE_ for the elliptic curve variant) provide Perfect Forward Secrecy. (The non-ephemeral _DH_RSA_ or _DH_DSA_ cipher suites are not supported by the Sun JSSE provider anyway.)

Bruno
  • 119,590
  • 31
  • 270
  • 376