Home > database >  What determines the cipher suite?
What determines the cipher suite?

Time:10-19

I am using mbedtls on my TLS application. I've a question about the cipher suites. When I debug my process, I get below lines from server side:

selected ciphersuite: TLS-ECDHE-RSA-WITH-CHACHA20-POLY1305-SHA256

What is the reason for selecting this CHACHA20-POLY1305 cipher ? Key? or certificate? or something else?

How can I change my chipher suite to TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256?

CodePudding user response:

What is the reason for selecting this CHACHA20-POLY1305 cipher

The ciphers supported by the server and by the client, including their preferences. Thus it depends on client and server configurations and on their TLS stacks.

How can I change my chipher suite to TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256?

The RSA in the currently chosen cipher suite means that an RSA certificate was used for authentication. The ECDSA in the cipher you want means that the server needs to use a ECDSA certificate instead, i.e. you cannot achieve this with an RSA certificate.

Some servers can use both a RSA and ECDSA certificate in which case the choice of certificate depends again on client and server configuration regarding supported ciphers, preference etc.

  • Related