A junior SOC analyst captures the beginning of a TLS 1.2 handshake in Wireshark. The Server Hello advertises the cipher suite TLS_DHE_RSA_WITH_AES_128_GCM_SHA256. The lead analyst explains that the three-letter component DHE designates a mechanism that performs an asymmetric key exchange so the client and server can agree on a premaster secret, after which the negotiated AES cipher protects all remaining traffic, providing perfect forward secrecy for the session. Which technique is represented by DHE in this cipher suite?
Diffie-Hellman Ephemeral (DHE) is the key-agreement protocol identified by the DHE string in a TLS cipher suite. During the handshake, each side generates a temporary Diffie-Hellman key pair and exchanges the public values. This asymmetric exchange yields a shared premaster secret that never traverses the network in plaintext. TLS then derives symmetric session keys (for example, AES-128-GCM) from that secret, and all subsequent packets are encrypted symmetrically. Because new DH values are generated for every handshake, DHE also delivers perfect forward secrecy. ECDH-static and RSA key transport rely on asymmetric cryptography but either reuse long-term keys or lack forward secrecy, and AES itself is purely symmetric.