Understanding IDP Internet Key Exchange

Internet Key Exchange establishes a premaster secret that is used to generate symmetric keys for bulk data encryption and authentication. Section F.1.1 of RFC 2246 defines Transport Layer Security (TLS) authentication and key exchange methods. The two key exchange methods are RSA and Diffie-Hellman.

Both RSA and Diffie-Hellman key exchange methods can use either a fixed or a temporary server key. IDP can successfully retrieve the premaster secret only if a fixed server key is used. Junos OS supports only the RSA key exchange method. For more information on Internet Key Exchange, see Understanding Certificates.

Note: Juniper IDP does not decrypt SSL sessions that use Diffie-Hellman key exchange.
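The following added example (not Juniper code) classifies IANA cipher suite names by key exchange so you can see which suites offered by a protected server fall outside IDP SSL decryption as described above. It goes slightly beyond RFC 2246 by also recognizing ECDHE and TLS 1.3 suite names; the function names and the sample suite list are assumptions made for this illustration.

```python
import re

# Before TLS 1.3, IANA suite names look like TLS_<key exchange>_WITH_<cipher>.
_SUITE_RE = re.compile(r"^(?:TLS|SSL)_(?P<kx>\w+?)_WITH_")
# TLS 1.3 suite names omit the key exchange, which is always temporary (EC)DHE.
_TLS13_RE = re.compile(r"^TLS_(?:AES|CHACHA20)_")

def key_exchange(suite):
    """Classify a suite as 'rsa', 'dh-fixed', 'dh-temporary' or 'other'."""
    m = _SUITE_RE.match(suite)
    if m is None:
        if _TLS13_RE.match(suite):
            return "dh-temporary"
        raise ValueError(f"not an IANA cipher suite name: {suite!r}")
    kx = m.group("kx").upper()
    if kx == "RSA":
        return "rsa"                      # premaster secret encrypted to the server's fixed key
    if kx.startswith(("DHE_", "ECDHE_")) or kx.endswith("_ANON"):
        return "dh-temporary"             # anonymous DH also has no fixed, certified key
    if kx.startswith(("DH_", "ECDH_")):
        return "dh-fixed"
    return "other"                        # RSA_EXPORT, PSK, SRP, KRB5, ...

def passively_decryptable(suite):
    """True only for RSA key exchange, the one method the page says Junos OS supports."""
    return key_exchange(suite) == "rsa"

def inspection_gaps(suites):
    """Map each suite that IDP would not decrypt to its key exchange class."""
    return {s: key_exchange(s) for s in suites if not passively_decryptable(s)}

# Constructed sample: suites a hypothetical protected server is configured to offer.
SAMPLE_SUITES = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_DH_RSA_WITH_AES_128_CBC_SHA",
    "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for suite, kx in inspection_gaps(SAMPLE_SUITES).items():
        print(f"{suite}: {kx} key exchange, not decrypted by IDP")
```

Sessions negotiated with any suite reported here pass through uninspected, so either restrict the server to RSA key exchange suites or account for that traffic with other controls.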
