I want to create a TLS socket connection. I know TLS has a few ways to exchange the key, e.g. RSA, Diffie-Hellman, etc. How can I force the use of Diffie-Hellman key exchange instead of other forms of key exchange?
I know that if using Diffie-Hellman key exchange, it is vulnerable to a man-in-the-middle attack. When using RSA, we have server authentication which prevents MITM. But one concern I have is that using RSA prohibits forward secrecy.
What should I do?
Specifying the key exchange method is done by choosing a cipher suite that supports that key exchange method.
You can the cipher suite on an
The tables of supported cipher suites and those enabled by default with the Oracle JRE are available in the SunJSSE provider documentation.
The anonymous cipher suites (_DH_anon_) are the ones that are vulnerable to MITM attacks.
_DH_DSA_ cipher suites also use RSA or DSA for the authentication of the DH key exchange (not for the key exchange itself), to prevent MITM attacks. In addition, the Ephemeral DH cipher suites (those that contain _ECDHE_ for the elliptic curve variant) provide Perfect Forward Secrecy. (The non-ephemeral _DH_DSA_ cipher suites are not supported by the Sun JSSE provider anyway.)
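The following is an added example illustrating the answer above; it is not code from the question or the answer. It restricts a JSSE `SSLSocket` to cipher suites whose key exchange is ephemeral (`_DHE_` or `_ECDHE_`) and authenticated (anything with `_anon_` in the name is dropped), then performs the handshake and reports what was negotiated. The host name `example.invalid` is a placeholder, and the TLS 1.3 suite names (`TLS_AES_*`, `TLS_CHACHA20_*`) are kept because TLS 1.3 always uses ephemeral (EC)DHE and no longer encodes the key exchange in the suite name.

```java
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;

public class ForwardSecretSocket {

    // Keep only suites that give forward secrecy AND server authentication:
    //  - TLS 1.2 names must contain _DHE_ or _ECDHE_ (ephemeral key exchange)
    //    and must not contain _anon_ (no authentication, MITM-vulnerable);
    //  - TLS 1.3 names (TLS_AES_*, TLS_CHACHA20_*) are always ephemeral (EC)DHE
    //    and are authenticated by the certificate, so they are kept as well.
    static String[] selectEphemeralAuthenticatedSuites(String[] supported) {
        List<String> chosen = new ArrayList<>();
        for (String suite : supported) {
            boolean tls13 = suite.startsWith("TLS_AES_") || suite.startsWith("TLS_CHACHA20_");
            boolean ephemeral = suite.contains("_DHE_") || suite.contains("_ECDHE_");
            boolean anonymous = suite.contains("_anon_");
            if (tls13 || (ephemeral && !anonymous)) {
                chosen.add(suite);
            }
        }
        return chosen.toArray(new String[0]);
    }

    public static void main(String[] args) throws Exception {
        // Placeholder host; pass a real one on the command line.
        String host = args.length > 0 ? args[0] : "example.invalid";
        int port = 443;

        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket socket = (SSLSocket) factory.createSocket(host, port)) {
            String[] suites = selectEphemeralAuthenticatedSuites(socket.getSupportedCipherSuites());
            if (suites.length == 0) {
                throw new IllegalStateException("provider offers no DHE/ECDHE cipher suites");
            }
            // Only the enabled suites are offered in the ClientHello, so the
            // server cannot pick an RSA key transport or an anonymous suite.
            socket.setEnabledCipherSuites(suites);
            socket.startHandshake();

            // Verify what was actually negotiated rather than trusting the filter.
            String negotiated = socket.getSession().getCipherSuite();
            System.out.println("Negotiated cipher suite: " + negotiated);
        }
    }
}
```

The same filter can be applied on the server side through `SSLServerSocket.setEnabledCipherSuites`, which is the stronger control: a server that never enables non-ephemeral suites cannot be talked into a non-forward-secret session regardless of what clients offer. Checking `getSession().getCipherSuite()` after `startHandshake()` is the cheap runtime assertion that the restriction took effect.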