
TLS Version 1 Cipher Suites – Zilog EZ80F91AZA User Manual


UM020107-1211

ZTP Network Security SSL Plug-In

User Manual


When SSLv3 was drafted, U.S. export laws restricted the length of encryption keys
to 40 bits and public keys to 512 bits. Therefore, when a cipher algorithm that
requires a longer key is used, only 40 bits of the key are protected by the key exchange
algorithm. Similarly, the public key size used in export cipher suites must be restricted
to 512 bits or less. The public keys used for signature verification are not restricted in
export cipher suites, but the key size of the (Ephemeral) Diffie-Hellman parameters must
be 512 bits or less.

TLS Version 1 Cipher Suites

The SSLv3 and TLSv1 cipher suites contained in their respective specifications are nearly
identical. The only significant difference is that the SSLv3 specification included support
for the Fortezza key exchange algorithm, which is not included in the TLSv1 specification.
Otherwise, the only difference between the cipher suites is that all SSLv3 cipher suites
use SSL as the first three characters in the cipher suite mnemonic, while TLSv1 cipher
suites use TLS. Therefore, the SSLv3 cipher suite SSL_RSA_WITH_RC4_128_MD5 is identical
to the TLSv1 cipher suite TLS_RSA_WITH_RC4_128_MD5.

Table 9. SSLv3 Cipher Suites (Continued)

| Cipher Suite Mnemonic                  | Supported? |
|----------------------------------------|------------|
| SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA  | Yes        |
| SSL_DHE_DSS_WITH_DES_CBC_SHA           | Yes        |
| SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA      | Yes        |
| SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA  | Yes        |
| SSL_DHE_RSA_WITH_DES_CBC_SHA           | Yes        |
| SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA      | Yes        |
| SSL_DH_anon_EXPORT_WITH_RC4_40_MD5     | No         |
| SSL_DH_anon_WITH_RC4_128_MD5           | No         |
| SSL_DH_anon_EXPORT_WITH_DES40_CBC_SHA  | No         |
| SSL_DH_anon_WITH_DES_CBC_SHA           | No         |
| SSL_DH_anon_WITH_3DES_EDE_CBC_SHA      | No         |
| SSL_FORTEZZA_KEA_WITH_NULL_SHA         | No         |
| SSL_FORTEZZA_KEA_WITH_FORTEZZA_CBC_SHA | No         |
| SSL_FORTEZZA_KEA_WITH_RC4_128_SHA      | No         |
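The naming rule and the export restrictions described above can be checked mechanically when reviewing an enabled-suite list. The following is an added example, not code from the Zilog manual or the ZTP library; the function names `parse_suite`, `to_tlsv1` and `audit` are hypothetical, and the `ENABLED` list is a constructed sample built from rows of Table 9.

```python
import re

# Mnemonic layout used in Table 9: <SSL|TLS>_<key exchange>[_EXPORT]_WITH_<cipher>_<MAC>
_SUITE = re.compile(
    r"^(?P<proto>SSL|TLS)_(?P<kx>.+?)(?P<export>_EXPORT)?_WITH_(?P<cipher>.+)_(?P<mac>MD5|SHA)$"
)

def parse_suite(name):
    """Split a cipher suite mnemonic into its fields; ValueError if malformed."""
    m = _SUITE.match(name)
    if m is None:
        raise ValueError(f"not a cipher suite mnemonic: {name!r}")
    fields = m.groupdict()
    fields["export"] = fields["export"] is not None
    return fields

def to_tlsv1(name):
    """TLSv1 mnemonic for an SSLv3 suite, or None for Fortezza (absent from TLSv1)."""
    f = parse_suite(name)
    if f["kx"].startswith("FORTEZZA"):
        return None
    return "TLS_" + name.split("_", 1)[1]

def audit(name):
    """Return the reasons a suite should be kept out of an enabled-suite list."""
    f = parse_suite(name)
    reasons = []
    if f["export"]:
        reasons.append("export suite: 40-bit key protection, 512-bit key exchange")
    if f["kx"] == "DH_anon":
        reasons.append("anonymous DH: peer is not authenticated")
    if f["kx"].startswith("FORTEZZA"):
        reasons.append("Fortezza: SSLv3 only, no TLSv1 equivalent")
    return reasons

# Constructed sample: an enabled-suite list built from rows of Table 9
ENABLED = [
    "SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA",
    "SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA",
    "SSL_DH_anon_EXPORT_WITH_RC4_40_MD5",
    "SSL_FORTEZZA_KEA_WITH_RC4_128_SHA",
]

if __name__ == "__main__":
    for suite in ENABLED:
        print(suite, "->", to_tlsv1(suite), audit(suite))
```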
