Skip to main content
Information Security

Return to Question

replaced http://security.stackexchange.com/ with https://security.stackexchange.com/
Source Link
Community Bot
Community Bot
  • 1

For the purpose of this question, let assume that an SSL/TLS connection has 4 parameters:

  • protocol,
  • symmetric encryption method,
  • asymmetric encryption method,
  • MAC.

During the negotiation of SSL parameters, a browser tries to achieve the best possible parametersthe best possible parameters. So, my questions are:

  1. What is the proper order of the previous list? I know that all of them important (needed). But I assume that in the code one of them is chosen as the first, then there is second, third and fourth. I believe that choosing TLSv1.2 with DES is more secure than SSLv3 with AES256. So the question is how it is implemented in the browser.
  2. Where does browser store this information and whether it can be changed by user?

I know that there can be probably couple of browser-dependent answers, but maybe there are some general rules enforced by SSL/TLS protocol.

For the purpose of this question, let assume that an SSL/TLS connection has 4 parameters:

  • protocol,
  • symmetric encryption method,
  • asymmetric encryption method,
  • MAC.

During the negotiation of SSL parameters, a browser tries to achieve the best possible parameters. So, my questions are:

  1. What is the proper order of the previous list? I know that all of them important (needed). But I assume that in the code one of them is chosen as the first, then there is second, third and fourth. I believe that choosing TLSv1.2 with DES is more secure than SSLv3 with AES256. So the question is how it is implemented in the browser.
  2. Where does browser store this information and whether it can be changed by user?

I know that there can be probably couple of browser-dependent answers, but maybe there are some general rules enforced by SSL/TLS protocol.

For the purpose of this question, let assume that an SSL/TLS connection has 4 parameters:

  • protocol,
  • symmetric encryption method,
  • asymmetric encryption method,
  • MAC.

During the negotiation of SSL parameters, a browser tries to achieve the best possible parameters. So, my questions are:

  1. What is the proper order of the previous list? I know that all of them important (needed). But I assume that in the code one of them is chosen as the first, then there is second, third and fourth. I believe that choosing TLSv1.2 with DES is more secure than SSLv3 with AES256. So the question is how it is implemented in the browser.
  2. Where does browser store this information and whether it can be changed by user?

I know that there can be probably couple of browser-dependent answers, but maybe there are some general rules enforced by SSL/TLS protocol.

Tweeted twitter.com/#!/StackSecurity/status/624947593253097473
Clarified the first question
Source Link
RoraΖ
RoraΖ
  • 12.5k
  • 4
  • 54
  • 84

For the purpose of this question, let assume that an SSL/TLS connection has 4 parameters:

  • protocol,
  • symmetric encryption method,
  • asymmetric encryption method,
  • MAC.

During the negotiation of SSL parameters, a browser tries to achieve the best possible parameters. So, my questions are:

  1. What is the proper order of the previous list? In another words: what is the most I know that all of them important (and the leastneeded) important connection parameter for a. But I assume that in the code one of them is chosen as the first, then there is second, third and fourth. I believe that choosing TLSv1.2 with DES is more secure than SSLv3 with AES256. So the question is how it is implemented in the browser?.
  2. Where does browser store this information and whether it can be changed by user?

I know that there can be probably couple of browser-dependent answers, but maybe there are some general rules enforced by SSL/TLS protocol.

For the purpose of this question, let assume that an SSL/TLS connection has 4 parameters:

  • protocol,
  • symmetric encryption method,
  • asymmetric encryption method,
  • MAC.

During the negotiation of SSL parameters, a browser tries to achieve the best possible parameters. So, my questions are:

  1. What is the proper order of the previous list? In another words: what is the most (and the least) important connection parameter for a browser?
  2. Where does browser store this information and whether it can be changed by user?

I know that there can be probably couple of browser-dependent answers, but maybe there are some general rules enforced by SSL/TLS protocol.

For the purpose of this question, let assume that an SSL/TLS connection has 4 parameters:

  • protocol,
  • symmetric encryption method,
  • asymmetric encryption method,
  • MAC.

During the negotiation of SSL parameters, a browser tries to achieve the best possible parameters. So, my questions are:

  1. What is the proper order of the previous list? I know that all of them important (needed). But I assume that in the code one of them is chosen as the first, then there is second, third and fourth. I believe that choosing TLSv1.2 with DES is more secure than SSLv3 with AES256. So the question is how it is implemented in the browser.
  2. Where does browser store this information and whether it can be changed by user?

I know that there can be probably couple of browser-dependent answers, but maybe there are some general rules enforced by SSL/TLS protocol.

deleted 49 characters in body
Source Link
RoraΖ
RoraΖ
  • 12.5k
  • 4
  • 54
  • 84

For the purpose of this question, let assume that an SSL/TLS connection has 4 parameters:

  • protocol,
  • symmetric encryption method,
  • asymmetric encruptionencryption method,
  • MAC.

During the negotationnegotiation of SSL parameters, a browser tries to achieve the best possible parameters. So, my questions are:

  1. What is the proper order of the previous list? In another words: what is the most (and the least) important connection parameter for a browser?
  2. Where does browser store this information and whether it can be changed by user?

I know that there can be probably couple of browser-dependent answers, but maybe there are some general rules enforced by SSL/TLS protocol.

Thanks for you help, regards! Boleslaw

For the purpose of this question, let assume that an SSL/TLS connection has 4 parameters:

  • protocol,
  • symmetric encryption method,
  • asymmetric encruption method,
  • MAC.

During the negotation of SSL parameters, a browser tries to achieve the best possible parameters. So, my questions are:

  1. What is the proper order of the previous list? In another words: what is the most (and the least) important connection parameter for a browser?
  2. Where does browser store this information and whether it can be changed by user?

I know that there can be probably couple of browser-dependent answers, but maybe there are some general rules enforced by SSL/TLS protocol.

Thanks for you help, regards! Boleslaw

For the purpose of this question, let assume that an SSL/TLS connection has 4 parameters:

  • protocol,
  • symmetric encryption method,
  • asymmetric encryption method,
  • MAC.

During the negotiation of SSL parameters, a browser tries to achieve the best possible parameters. So, my questions are:

  1. What is the proper order of the previous list? In another words: what is the most (and the least) important connection parameter for a browser?
  2. Where does browser store this information and whether it can be changed by user?

I know that there can be probably couple of browser-dependent answers, but maybe there are some general rules enforced by SSL/TLS protocol.

Source Link
boleslaw.smialy
boleslaw.smialy
  • 1.6k
  • 2
  • 16
  • 25