Negotiating a Cipher Suite

A cipher suite is a collection of information that dictates how data and messages are transferred between clients and servers. This information includes encryption mode, mutual authentication mode, message authentication mode, etc. TLS supports several different cipher suites; however, currently LEADTOOLS supports only those specified by the DicomTlsCipherSuiteType enumeration. Before the client and server can begin transferring data and messages they must negotiate the cipher suite to use.

The client sends the server a list of cipher suites that it understands. These are sent in order of preference. To get or set the cipher suites at specific indices within the list, use the DicomNet.GetTlsCipherSuiteByIndex and DicomNet.SetTlsCipherSuiteByIndex methods. The server selects the first cipher suite that it understands. If this is acceptable to both sides, this is the cipher suite selected for use. Once a cipher suite has been negotiated, the selected cipher suite can be obtained by calling DicomNet.GetTlsCipherSuite.

Once the negotiated cipher suite is known, information associated with this cipher suite can be obtained using the following methods:

DicomNet.GetTlsAuthenticationAlgorithm

DicomNet.GetTlsIntegrityAlgorithm

DicomNet.GetTlsKeyExchangeAlgorithm

DicomNet.GetTlsEncryptionKeyLength

DicomNet.GetTlsMutualAuthenticationKeyLength