Negotiating a Ciphersuite

A ciphersuite is a collection of information that dictates how data and messages are transferred between clients and servers. This information includes encryption mode, mutual authentication mode, message authentication mode, etc. TLS supports several different ciphersuites, however, currently LEADTOOLS supports only those listed in Supported Ciphersuites. Before the client and server can begin transferring data and messages, they must negotiate the ciphersuite to use.

The client sends the server a list of ciphersuites that it understands. These are sent in order of preference. To get or set the ciphersuites at specific indices within the list, use the GetCipherFromIndexTLS and SetCipherToIndexTLS. The server selects the first ciphersuite that it understands. If this is acceptable to both sides, this is the ciphersuite selected for use. Once a ciphersuite has been negotiated, the selected ciphersuite can be obtained by calling GetCiphersuiteTLS.

Once the negotiated ciphersuite is known, information associated with this ciphersuite can be obtained using the following functions:

GetAuthenticationAlgorithmTLS

GetIntegrityAlgorithmTLS

GetKeyExchangeAlgorithmTLS

GetEncryptKeyLengthTLS

GetMutualAuthKeyLengthTLS