8

I'm looking for a detailed explanation of the ciphersuites available in openssl.

openssl already offers the ciphers command which can be used to output, for example, the following:

$ openssl ciphers -v "HIGH,-SHA,-AES256"
DH-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AESGCM(128) Mac=AEAD
DHE-DSS-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=DSS  Enc=AESGCM(128) Mac=AEAD
DH-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=DH       Au=RSA  Enc=AESGCM(128) Mac=AEAD
DHE-RSA-AES128-SHA256   TLSv1.2 Kx=DH       Au=RSA  Enc=AES(128)  Mac=SHA256
DHE-DSS-AES128-SHA256   TLSv1.2 Kx=DH       Au=DSS  Enc=AES(128)  Mac=SHA256
DH-RSA-AES128-SHA256    TLSv1.2 Kx=DH/RSA   Au=DH   Enc=AES(128)  Mac=SHA256
DH-DSS-AES128-SHA256    TLSv1.2 Kx=DH/DSS   Au=DH   Enc=AES(128)  Mac=SHA256
ADH-AES128-GCM-SHA256   TLSv1.2 Kx=DH       Au=None Enc=AESGCM(128) Mac=AEAD
ADH-AES128-SHA256       TLSv1.2 Kx=DH       Au=None Enc=AES(128)  Mac=SHA256
AES128-GCM-SHA256       TLSv1.2 Kx=RSA      Au=RSA  Enc=AESGCM(128) Mac=AEAD
AES128-SHA256           TLSv1.2 Kx=RSA      Au=RSA  Enc=AES(128)  Mac=SHA256

It seems that ADH stands for "Anonymous Diffie-Hellman" but also implies specific groups and bit sizes.

I am interested in detailed explanations of what all the abbreviations are and generally which of these ciphersuites are considered secure.

Specifically:

  1. What is ADH? Where is it standardized?
  2. The listed MAC algorithms are hash functions. Is it using HMAC?
  3. What does "Au" mean?
Elias
  • 4,933
  • 1
  • 16
  • 32

3 Answers3

5

What is ADH? Where is it standardized?

ADH stands for Anonymous Diffie-Hellman, ie unauthenticated Diffie-Hellman, also called "opportunistic encryption". It has been part of the SSL/TLS standards at least since SSLv3. It was also extended to ECDHE in RFC4492.

The listed MAC algorithms are hash functions. Is it using HMAC?

Yes indeed.

What does "Au" mean?

It most likely means something like Authentication mechanism. This clearly covers with the given ciphersuites as ADH suites have none there, RSA key-transport and DHE+RSA suites have RSA there (server authenticated via RSA signature), DHE+DSS suites have DSS there (server authenticated via DSA) and suites using static DH ones have DH there (server authenticated via his static DH public key).

Community
  • 1
SEJPM
  • 46,697
  • 9
  • 103
  • 214
3

Anonymous Diffie Hellman just means you don't use authentication for the key exchange along with Diffie Hellman. This also somehow answers your third question: Au stands for Authentication, as you can see whenever the suite uses ADH, Au is set to none. It isn't adviseable to use ADH in general.

As SHA256 itself is not a MAC, it uses some kind of MAC construction. AEAD stands for Authenticated Encryption with Associated Data. The Authenticated Encryption part tells you, the block mode (GCM in your examples) has message authentication built in.

Regarding the question of which of these ciphersuites are considered secure. That is hard to answer without knowing more about the environment, but this site and paper tries to give a general and practical answer.

0kp
  • 346
  • 1
  • 8
-1
  • Au = Authentication
  • Kx = Key Exchange
  • Enc = Encrypt
  • Mac = Message Authentication Code

For further details, see the OpenSSL documentation about ciphers.

Mike Edward Moras
  • 18,161
  • 12
  • 87
  • 240
Jagger Yu
  • 101