Overview#NSA Suite B Cryptography (Suite B) is a National Security Agency (NSA) recommended a set of interoperable cryptographic algorithms.
NSA Suite B Cryptography:
- encryption algorithm (AES)
- key-Exchange algorithm (Elliptic Curve Diffie-Hellman, also known as ECDH)
- digital Signature algorithm (Elliptic Curve Digital Signature Algorithm (ECDSA)
- hashing algorithms (SHA-256 or SHA-384)
Additionally, the IETF RFC 6460 standard specifies NSA Suite B Cryptography compliant profiles which define the detailed application configuration and behavior necessary to comply with the NSA Suite B Cryptography standard. RFC 6460 defines two profiles:
- NSA Suite B Cryptography compliant profile for use with TLS 1.2. When configured for Suite B compliant operation, only the restricted set of cryptographic algorithms listed above will be used.
- A transitional profile for use with TLS 1.0 or TLS 1.1. This profile enables interoperability with non-NSA Suite B Cryptography compliant servers. When configured for NSA Suite B Cryptography transitional operation, additional encryption and hashing algorithms