jspωiki
Cipher Suite

Overview#

Cipher Suite (Cipher_suites) defines the cryptographic Primitives or algorithms that are utilized in a particular TLS/SSL session

Cipher Suite SSL/TLS #

A SSL/TLS Cipher Suite is a 16-bit symbolic identifier for a set of cryptographic algorithms as listed in the TLS Cipher Suite Registry

For instance, the TLS_RSA_WITH_AES_128_CBC_SHA Cipher Suite has value 0x002F, and means

There are many Known Cipher Suites and for TLS they are all supposedly registered at the TLS Cipher Suite Registry

Cipher suites are written like this:

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
which roughly breaks down into the following parameters:

Special Cipher Suite:#

There are a couple of Cipher Suite that are special

Cipher Suite SSL/TLS #

The order in the ClientHello shows what the client prefers, i.e. the preferred ciphers are on top.

The server is still free to ignore this order and pick what it thinks is best.

Often there is a related setting in the TLS configuration of the server, like SSLHonorCipherOrder for apache or ssl_prefer_server_ciphers for NGINX.

Cipher Suite Kerberos Encryption Types#

Kerberos Encryption Types are similar to Cipher Suite used in Kerberos

More Information#

There might be more information for this subject on one of the following: