
why does ssl's ciphersuite contain authentication algorithm?

SSL's handshake should negotiate the ciphersuite between peers, which contains authentication, key exchange, encryption and digest algorithms. But the X.509 certificate which the server sends to the client already contains the authentication algorithm, so why does SSL negotiate the authentication algorithm again?


The "cipher suite" is about support: the client and the server try to select a set of algorithms that they both know how to handle. For instance, if the client announces that it can use TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA, then the server knows that the client will know what to do with a DSS signature (computed over a Diffie-Hellman key exchange), and thus the server can use a certificate with a DSS public key. This makes sense if we suppose that the server has several certificates (with different key types): the server wants to send the client the "right" certificate.

(This is somewhat theoretical because in practice everybody supports and uses RSA -- or sometimes ephemeral Diffie-Hellman signed with RSA.)


First of all, as mentioned in Thomas' answer, a cipher suite is about support. Next, SSL/TLS supports not only certificates for authentication, but also several other mechanisms.


But the X.509 certificate which the server sends to the client already contains the authentication algorithm, so why does SSL negotiate the authentication algorithm again?

Because you have it back to front. The authentication algorithm is negotiated first, then certificates that match that/those algorithm(s) are sent.


In addition to the previous replies (which are correct - the server will choose a certificate that matches the selected authentication algorithm), I should note that the X.509 certificate does not contain an authentication algorithm. An X.509 (or PKIX) certificate contains algorithm parameters. That is, RSA public keys, parameters for elliptic curves etc. Which authentication method you use (RSA encryption, or Diffie-Hellman with RSA signatures) is not mandated by the certificate. This is the part that is negotiated with TLS.

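The negotiation the answers describe, as an added example that is not code from any of the answers above: the server walks its own preference list, keeps the suites the client offered in its ClientHello, and picks the first one for which it actually holds a certificate of the required key type (DSA for a DHE_DSS suite, EC for an ECDHE_ECDSA suite, RSA for both RSA key transport and DHE_RSA). The suite names are real TLS 1.2 registry names; the client offer, the server preference list and the certificate inventory are constructed for illustration, and the "certificates" are plain labels standing in for real X.509 objects.

```python
"""Cipher-suite and certificate selection on a TLS 1.2-style server.

Added example, not code from the original answers.  Suite names are real
TLS 1.2 registry names; the server's preference list and certificate
inventory are constructed for illustration (the "certificates" are just
labels standing in for real X.509 objects).
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Key-exchange/authentication prefix of a suite name -> (key exchange,
# authentication algorithm, certificate key type the server must hold).
# A None key type means no certificate is involved at all (anonymous DH).
KX_AUTH = {
    "RSA":         ("RSA",   "RSA",   "RSA"),  # RSA key transport: cert key encrypts the premaster secret
    "DHE_RSA":     ("DHE",   "RSA",   "RSA"),  # ephemeral DH, signed with the same kind of RSA key
    "DHE_DSS":     ("DHE",   "DSS",   "DSA"),
    "ECDHE_RSA":   ("ECDHE", "RSA",   "RSA"),
    "ECDHE_ECDSA": ("ECDHE", "ECDSA", "EC"),
    "DH_anon":     ("DH",    "NONE",  None),
}


@dataclass(frozen=True)
class Suite:
    name: str
    key_exchange: str
    authentication: str
    cert_key_type: Optional[str]
    cipher: str
    mac: str


def parse_suite(name: str) -> Suite:
    """Split e.g. TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA into its four algorithms."""
    if not name.startswith("TLS_") or "_WITH_" not in name:
        raise ValueError(f"not a TLS 1.2-style suite name: {name}")
    prefix, rest = name[len("TLS_"):].split("_WITH_", 1)
    if prefix not in KX_AUTH:
        raise ValueError(f"unknown key exchange/authentication prefix: {prefix}")
    kx, auth, key_type = KX_AUTH[prefix]
    cipher, mac = rest.rsplit("_", 1)  # last token is the MAC/PRF hash
    return Suite(name, kx, auth, key_type, cipher, mac)


def select_suite(client_suites: List[str],
                 server_preference: List[str],
                 server_certs: Dict[str, str]) -> Optional[Tuple[Suite, Optional[str]]]:
    """Server-side negotiation.

    Walk the server's preference list, keep suites the client offered, and
    take the first one for which the server actually holds a certificate of
    the required key type.  Returns (suite, certificate label), or None when
    nothing fits, which a real server answers with a handshake_failure alert.
    """
    offered = set(client_suites)
    for name in server_preference:
        if name not in offered:
            continue
        suite = parse_suite(name)
        if suite.cert_key_type is None:          # anonymous suite: no certificate to pick
            return suite, None
        cert = server_certs.get(suite.cert_key_type)
        if cert is not None:
            return suite, cert
    return None


# Constructed ClientHello offer (client's order = client's preference).
CLIENT_HELLO_SUITES = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]
# Constructed server preference list.
SERVER_PREFERENCE = [
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
]

if __name__ == "__main__":
    # The same offer negotiates to different suites depending only on which
    # certificate key types the server has on hand.
    for certs in ({"RSA": "server-rsa.crt"},
                  {"RSA": "server-rsa.crt", "DSA": "server-dsa.crt"},
                  {"RSA": "server-rsa.crt", "EC": "server-ec.crt"}):
        chosen = select_suite(CLIENT_HELLO_SUITES, SERVER_PREFERENCE, certs)
        if chosen is None:
            print(f"certs={sorted(certs)}: handshake_failure")
        else:
            suite, cert = chosen
            print(f"certs={sorted(certs)}: {suite.name} "
                  f"(auth={suite.authentication}, kx={suite.key_exchange}) using {cert}")
    # Both of these use an RSA certificate, but the certificate does not say
    # which: RSA key transport vs. RSA-signed ephemeral DH is decided by the suite.
    for n in ("TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"):
        s = parse_suite(n)
        print(f"{n}: key exchange {s.key_exchange}, certificate key type {s.cert_key_type}")
```

Running the script shows the point of the last answer: with only an RSA certificate the server lands on TLS_RSA_WITH_AES_128_CBC_SHA, adding a DSA certificate makes it pick the DHE_DSS suite, and adding an EC certificate makes it pick ECDHE_ECDSA, all from the same ClientHello. The certificate fixes the key type; the suite fixes how that key is used (key transport versus signing an ephemeral exchange), which is why the suite, not the certificate, is what gets negotiated.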
