Can a SSL Certificate dictate protocol?

.. to only work with certain protocols? .. to only work with certain ciphers?

Certificates are mostly protocol independent.

But there is a slight correlation between certificate and cipher: one part of the cipher specifies the authentication algorithm and the possible algorithms depend on the kind of certificate. This means that you cannot use a RSA certificate with a *_ECDSA_* cipher and no ECDSA certificate with RSA key exchange. There are also ECDH (not ECDHE) and DH (not DHE) ciphers which require specific information in the certificate. But the choice of symmetric encryption (i.e. AES, RC4...) and the HMAC is independent from the certificate.

Which means the type of certificate limits which ciphers can be used but you cannot restrict the possible ciphers or protocols directly with some information in the certificate.

Can a SSL Certificate dictate protocol?

Tags:

Openssl

Certificate Authority

Certificates

Tls

Related

Recent Posts