In fact, it's a little more complicated. If an RSA key is used, the precise method (exchange or agreement) is negotiated during the TLS handshake.

OpenSSL documentation for the key agreement functions is available here: Manual:EVP_PKEY_derive (3). There is also an example of using the API on the Elliptic Curve Diffie Hellman page.

A large number of cryptographic authentication schemes and protocols have been developed to provide authenticated key agreement and so prevent man-in-the-middle and related attacks. These methods usually mathematically link the agreed key to other agreed data, such as the following:

The OpenSSL key agreement functions can only use EVP_PKEY types that support key agreement (currently only DH and ECDH). In the code example above, the shared secret key must be explicitly freed with OPENSSL_free as soon as it is no longer needed.

Password-authenticated key agreement algorithms can perform a cryptographic key exchange that uses knowledge of a user's password. However, why do you need the configuration in the model, if the encryption/key agreement is defined by the chosen asymmetric algorithm? Authenticated key agreement protocols require a password to be established separately (it can be smaller than a key) in a way that preserves both privacy and integrity. These are designed to withstand man-in-the-middle attacks and other active attacks against the password and the established keys. For example, DH-EKE, SPEKE, and SRP are authenticated variations of Diffie-Hellman.

TLS 1.3 now has a radically simpler cipher negotiation model and a reduced set of key agreement options (no RSA, no custom DH settings). This means that each connection uses a key agreement based on DH, and the parameters supported by the server are probably easy to guess (ECDHE with X25519 or P-256).
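
The point above about linking the agreed key to other agreed data, sketched as an added example (not code from the original page or from OpenSSL): a Diffie-Hellman exchange whose key derivation mixes in a pre-shared secret and both public values, followed by a key-confirmation check that fails when the public values were replaced in transit. The toy group `P`/`G`, the function names and the pre-shared secret are assumptions made for illustration; real code would use a vetted group or curve.

```python
import hashlib
import hmac
import secrets

# Toy finite-field group, chosen only so the example runs with the standard
# library (assumption; not a vetted parameter set for real deployments).
P = 2**255 - 19
G = 2


def keypair():
    """Return (private exponent, public value G^x mod P)."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)


def enc(n):
    """Fixed-width big-endian encoding so transcript fields cannot run together."""
    return n.to_bytes(32, "big")


def derive_key(psk, priv, peer_pub, init_pub, resp_pub):
    """Bind the DH result to the pre-shared secret and to both public values."""
    shared = pow(peer_pub, priv, P)
    transcript = enc(init_pub) + enc(resp_pub)
    return hmac.new(psk, transcript + enc(shared), hashlib.sha256).digest()


def confirm_tag(key, role):
    """Key-confirmation value a party sends to prove it derived the same key."""
    return hmac.new(key, b"key-confirm:" + role, hashlib.sha256).digest()


def run_exchange(psk_init, psk_resp, substituted=False):
    """Run one exchange; return (keys_match, initiator_accepts_confirmation)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen_by_a, seen_by_b = b_pub, a_pub
    if substituted:
        # Constructed failure case: both public values were replaced in transit.
        _, other_pub = keypair()
        seen_by_a = seen_by_b = other_pub
    k_a = derive_key(psk_init, a_priv, seen_by_a, a_pub, seen_by_a)
    k_b = derive_key(psk_resp, b_priv, seen_by_b, seen_by_b, b_pub)
    tag_from_b = confirm_tag(k_b, b"responder")
    accepted = hmac.compare_digest(tag_from_b, confirm_tag(k_a, b"responder"))
    return k_a == k_b, accepted
```

Because it relies on a high-entropy shared secret, this sketch is not a password-authenticated scheme such as DH-EKE, SPEKE or SRP, which are designed for short passwords.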