Overview#

Cipher Suite defines the cryptographic Primitives or algorithms that are utilized in a particular TLS/SSL session

Cipher Suite SSL/TLS #

A SSL/TLS Cipher Suite is a 16-bit symbolic identifier for a set of cryptographic algorithms as listed in the TLS Cipher Suite Registry

For instance, the TLS_RSA_WITH_AES_128_CBC_SHA Cipher Suite has value 0x002F, and means

There are many Known Cipher Suites and for TLS they are all supposedly registered at the TLS Cipher Suite Registry

Cipher suites are written like this:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
which roughly breaks down into the following parameters:

TLS_NULL_WITH_NULL_NULL #

TLS_NULL_WITH_NULL_NULL is specified and is the initial state of a TLS connection during the first handshake (ClientHello) on that channel, but MUST NOT be negotiated, as it provides no more protection than an unsecured connection. This is defined in RFC 5246

Anonymous Cipher Suite#

Notes on Cipher Suite SSL/TLS #

The order in the ClientHello shows what the client prefers, i.e. the preferred ciphers are on top.

The server is still free to ignore this order and pick what it thinks is best.

Often there is a related setting in the TLS configuration of the server, like SSLHonorCipherOrder for apache or ssl_prefer_server_ciphers for NGINX.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-24) was last changed on 17-Jul-2017 10:09 by jim