How to add our generated session encryption algorithm to a (main) browser using OpenSSL
I am new to OpenSSL and have some theoretical background in SSL protocol. I have a task to create a certificate that uses RSA algorithm for symmetric session key exchange and use my own encryption algorithm called FooSymmetricAlgorithm
for symmetric session key. I need the browser and web server to be able to use FooSymmetricAlgorithm
both symmetric algorithm. I know I can import my root certificate into the browser, but I guess that doesn't mean I can add an algorithm to the browser browser . My problem is that I can tell the browser to use FooSymmetricAlgorithm
for the session key and encryption . It doesn't matter to the browser. It is enough to have a browser and I will only use it for testing purposes.
I want to know if there is any way, when I send a digital certificate to the browser, the browser is forced to use mine FooSymmetricAlgorithm
to encrypt the data? I mean, is there a way to add my algorithm to the browser?
source to share
My problem is that I can tell the browser to use FooSymmetricAlgorithm for the session key and encryption.
You have to add your own cipher suite to the browser, which means changes to the source code in NSS (Chrome, Firefox). Then you need to make changes to the TLS stack used by the server and add the cipher suite there. For details on how to do this, see Implementing existing cipher suites in OpenSSL and / or NSS. Since the cipher suite is not IANA assigned , you must use one of the cipher IDs marked for personal use.
If done correctly, the browser will announce support for the new cipher suite and the server will use it. But this whole process is not as easy as adding the root certificate, which means it involves many encodings, reading existing source code, etc.
source to share