What is a Cipher suite
What is a Cipher suite

If you need to improve the security of your website for example, one of the step will be to turn on TLS on it. If you want to go further, one another step is to analyze the SSL/TLS on your website using online tool like this one from Qualys

If you want to reach the “graal” (I mean the A+ grade), you will have to fine tune your SSL/TLS configuration and then the ciphers. I found this article very short and very easy to understand basically what is a cipher : wiki

Detailed description

Each named cipher suite, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, defines a key exchange algorithm, a bulk encryption algorithm, a message authentication code (MAC) algorithm, and a pseudorandom function (PRF).

  • The key exchange algorithm, e.g. ECDHE_RSA, is used to determine if and how the client and server will authenticate during the handshake.
  • The bulk encryption algorithm, e.g. AES_128_GCM, is used to encrypt the message stream. It also includes the key size and the lengths of explicit and implicit initialization vectors (cryptographic nonces).
  • The message authentication code (MAC) algorithm, e.g. SHA256, is used to create the message digest, a cryptographic hash of each block of the message stream.
  • The pseudorandom function (PRF), e.g. TLS 1.2’s PRF using the MAC-algorithm’s hash function, is used to create the master secret, a 48-byte secret shared between the two peers in the connection. The master secret is used as a source of entropy when creating session keys, such as the one used to create the MAC.
Examples of algorithms used
  • key exchange/agreement: RSA, Diffie-Hellman, ECDH, SRP, PSK
  • authentication: RSA, DSA, ECDSA
  • bulk ciphers: RC4, Triple DES, AES, IDEA, DES, or Camellia
  • message authentication: for TLS, a Hash-based Message Authentication Code using MD5 or one of the SHA hash functions is used. For SSL, SHA, MD5, MD4, and MD2 are used.

My Powershell script categories

What is a Cipher suite

Leave a Reply

Your email address will not be published. Required fields are marked *