0 votes
by (150 points)

I've made a successful connection to an FTP server by specifying TlsCipherSuite.All and I get these lines back in the log. I'm just wondering to which cipher suite this would correspond so that I don't have to specify All (seems to take a long time to negotiate).

Control connection was secured using TLS12.
Control connection is using cipher TLS 1.2, RSA with ephemeral Elliptic Curve Diffie-Hellman, AES with 128-bit key in GCM mode, AEAD.

Thanks!

Applies to: Rebex TLS, Rebex FTP/SSL
by (150 points)
Actually I found TlsCipherSuite.RSA_WITH_AES_128_GCM_SHA256 and tried that.  It connected successfully and I got back these lines (so almost the same thing).  Seems close enough for me :)

Control connection was secured using TLS12.
Control connection is using cipher TLS 1.2, RSA, AES with 128-bit key in GCM mode, AEAD.

1 Answer

0 votes
by (148k points)

ECDHE_RSA_WITH_AES_128_GCM_SHA256 is the cipher that corresponds to "TLS 1.2, RSA with ephemeral Elliptic Curve Diffie-Hellman, AES with 128-bit key in GCM mode, AEAD". RSA_WITH_AES_128_GCM_SHA256 is very similar, but uses RSA instead of Elliptic Curve Diffie Hellman for key exchange (see the list of supported ciphers).

However, specifying TlsCipherSuite.All should not take longer time to negotiate - the TLS server chooses a single cipher each time and there is no additional overhead. If might be interesting to try connecting with ECDHE_RSA_WITH_AES_128_GCM_SHA256 to see whether it takes longer as well (in general, ECDH key exchange should be actually be faster that RSA key exchange).

...