What is ECDHE-RSA?

  • What is the difference between ECDHE-RSA and DHE-RSA?

    I know that DHE-RSA is (in one sentence) Diffie Hellman signed using RSA keys. Where DH is used for forward secrecy and RSA guards against MITM, but where do the elliptic curves in ECDHE-RSA are exactly used? What upsides has ECDHE-RSA over DHE-RSA?

    I notice all the security sites don't use elliptic curve. They favor RSA for key exchange.

    @ron Send them a complaint about their bad choice. Using either DHE or ECDHE not RSA for key-exchange improves security a lot (Lavabit is a prominent example). If you don't trust ECC, use DHE_RSA not plain RSA.

    @CodesInChaos: just make sure your server doesn't hardcode DH params and allows only 1024bit ones (like apache did before 2.4.7).

    I prefer RSA over ECDHE, if possible, for easier maintenance and troubleshooting. I can decrypt SSL connection error messages (Encrypted Alerts) more easily with non-DHE ciphers using only the private key in Wireshark. Logging session keys to decrypt DHE is more of a pain.

    While decrypting non-DHE ciphers is easier, if you have access to server private key, it removes forward secrecy for the exact same reason that makes it easier. Also, that option will be removed with TLSv1.3 so logging session keys will be the only possibility.

  • ECDHE suites use elliptic curve diffie-hellman key exchange, where DHE suites use normal diffie-hellman. This exchange is signed with RSA, in the same way in both cases.

    The main advantage of ECDHE is that it is significantly faster than DHE. This blog article talks a bit about the performance of ECDHE vs. DHE in the context of SSL.

License under CC-BY-SA with attribution

Content dated before 6/26/2020 9:53 AM