Cipher Suite
What is Cipher Suite?
Cipher SuiteA named combination of cryptographic algorithms — key exchange, authentication, bulk encryption, and integrity — negotiated by protocols such as TLS for a given session.
A cipher suite specifies the bundle of algorithms used by a secure protocol to protect a session. In TLS 1.2, a suite like TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 selects ECDHE for key exchange, RSA for authentication, AES-128-GCM for encryption, and SHA-256 for PRF. TLS 1.3 simplified the model by separating key exchange and signatures from the AEAD: only five suites remain (e.g., TLS_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256). Selecting strong suites — and disabling weak or legacy ones such as RC4, 3DES, export-grade DH, and anonymous (aDH/aECDH) — is a critical TLS hardening step. Tools like SSL Labs, testssl.sh, and configuration guides from Mozilla, NIST, and the BSI codify safe defaults.
● Examples
- 01
TLS_AES_256_GCM_SHA384 is a recommended TLS 1.3 cipher suite.
- 02
Legacy systems still offering TLS_RSA_WITH_3DES_EDE_CBC_SHA should be retired.
● Frequently asked questions
What is Cipher Suite?
A named combination of cryptographic algorithms — key exchange, authentication, bulk encryption, and integrity — negotiated by protocols such as TLS for a given session. It belongs to the Cryptography category of cybersecurity.
What does Cipher Suite mean?
A named combination of cryptographic algorithms — key exchange, authentication, bulk encryption, and integrity — negotiated by protocols such as TLS for a given session.
How do you defend against Cipher Suite?
Defences for Cipher Suite typically combine technical controls and operational practices, as detailed in the full definition above.