Cipher suites are sets of cryptographic algorithms (or ciphers) that are used to secure data transfer over a network connection using SSL/TLS. They define the method in which specific algorithms will be used to encrypt and decrypt data exchanged between a client (typically a browser) and a server (mostly a web server).
When a client initiates a connection with a server, the two parties engage in a complex process known as the SSL/TLS handshake to start communicating securely. This is where cipher suites are used.
The handshake begins with the client presenting the list of TLS versions and cipher suites it supports. The server compares that list with its own and selects the cipher suite to be used for the session. Once the server and the client agree on a common cipher suite, it is used to establish the secure connection and start communicating.
Let’s take the example of the browser-web server communication. When a user visits an HTTPS website, the user is assured that the communication between the client (browser) and the web server is authentic and secure. This trust is made possible with cipher suites.
Cipher suites are an integral part of securing client-server communications. They are required to perform critical functions of the SSL/TLS handshake, such as authentication, key generation and exchange, and data encryption. Without cipher suites in place, there would be no authentication and encryption, rendering communications completely exposed to malicious actors and attacks.
Generally, a cipher suite is a combination of different types of algorithms provided to help organizations build security that best fits their business needs. Here are the four kinds of algorithms included:
To protect the data exchanged during a server-client communication, it needs to be encrypted. This requires the server and the client to agree on a shared key that they use to encrypt and decrypt the data during that particular session. Since a single key is used for both encryption and decryption, this is called symmetric encryption.
The key exchange algorithm determines the method in which symmetric keys are exchanged between the client and the server, so they are known only to the connecting parties. Some of the most widely used key exchange algorithms are RSA (Rivest–Shamir–Adleman), DH (Diffie-Hellman), ECDH (Elliptic-curve Diffie-Hellman), and ECDHE (Elliptic-curve Diffie-Hellman Ephemeral).
To establish a secure connection, verifying the identity of the server, and of the user if required, is pivotal. User authentication is usually performed using a username and password provided by the user. The authentication algorithm specifies the process by which these identities are verified. RSA, ECDSA, and DSA are some examples of authentication algorithms.
The bulk encryption algorithm is responsible for the actual encryption of data. It determines the symmetric cipher that will be used to encrypt the data exchanged between the server and the client. AES, 3DES, and Camellia are some examples of bulk encryption algorithms.
The Message Authentication Code (MAC) algorithm provides a mechanism (based on a hash function) for verifying the integrity of the data being transmitted. It produces a tag that is sent along with the message to guarantee that the message was not altered in transit. Examples of MAC algorithms include SHA256, MD5, and POLY1305.
To understand how these algorithms are represented in the naming of a cipher suite, let’s look at an example:
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
In the above cipher suite, TLS indicates the protocol being used, and the following elements refer to the different algorithms being used. DHE indicates the key exchange algorithm, RSA the authentication algorithm, AES256-CBC the bulk data encryption algorithm, and SHA256 the Message Authentication Code (MAC) algorithm.
As of 2022, TLS 1.2 is the most widely used TLS protocol, dominating east-west traffic. However, TLS 1.3 is the latest and recommended version. All TLS versions prior to TLS 1.2 have been deprecated because of their security vulnerabilities, like Heartbleed and POODLE.
To mitigate these vulnerabilities and prevent security issues, it is crucial to choose and use the latest versions of available cipher suites and disable obsolete suites. As noted by JSCAPE, to prevent attackers from exploiting the Logjam vulnerability to sabotage your connection, you must disable cipher suites that employ the Diffie-Hellman key exchange.
Here are some of the vulnerable ciphers that have been phased out with the release of TLS 1.3:
TLS 1.2 remains popular because of the broad range of cipher suites it supports: 37 cipher suites, each made up of four different algorithms or ciphers. However, not all of them are considered safe to use.
TLS 1.2 cipher suite example: TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
On the other hand, to deliver both high security and high efficiency, TLS 1.3 supports only five secure cipher suites, and their names carry only two algorithms: the bulk data encryption algorithm and the Message Authentication Code (MAC) algorithm. TLS 1.3 eliminated RSA key exchange, which added to the latency, and key exchange now occurs only through (ephemeral) Diffie-Hellman. Both of those algorithms are therefore dropped from the name of the cipher suite.
With fewer and shorter cipher suites to negotiate, the handshake is significantly faster and more secure than in TLS 1.2. Faster handshakes not only boost website performance but also improve the user experience.
TLS 1.3 cipher suite example: TLS_AES_256_GCM_SHA384
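The following is an added example, not code from the original article. It shows how the naming scheme above can be parsed mechanically (TLS_<key exchange>_<authentication>_WITH_<bulk cipher>_<MAC> for TLS 1.2 style names, TLS_<bulk cipher>_<hash> for TLS 1.3 style names), how a defender's policy can flag suites with weak components such as static key exchange, CBC mode or an MD5 MAC, and how the server-side selection from the handshake description above can be simulated by intersecting the client's offer with the server's ordered preference list. The weak-component policy, the server-preference selection rule and the sample suite lists are assumptions constructed for this example; the suite names themselves are standard IANA names.

```python
"""Parse TLS cipher suite names, audit them against a simple policy, and
simulate server-preference cipher suite selection (added example)."""
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class CipherSuite:
    name: str
    tls13_style: bool             # TLS 1.3 names carry no key exchange / auth part
    key_exchange: Optional[str]   # e.g. RSA, DHE, ECDHE (None for TLS 1.3 names)
    authentication: Optional[str] # e.g. RSA, ECDSA, anon (None for TLS 1.3 names)
    export: bool                  # legacy EXPORT-grade (weakened) suite
    bulk_cipher: str              # e.g. AES_256_CBC, AES_128_GCM, 3DES_EDE_CBC
    mac: str                      # HMAC hash, or the PRF/HKDF hash for AEAD suites

    @property
    def forward_secrecy(self) -> bool:
        # Ephemeral (EC)DHE exchanges give forward secrecy; TLS 1.3 negotiates
        # only ephemeral (EC)DHE, so every TLS 1.3 suite has it.
        return self.tls13_style or self.key_exchange in ("DHE", "ECDHE")


def parse_cipher_suite(name: str) -> CipherSuite:
    """Split an IANA-style cipher suite name into its components."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not a TLS cipher suite name: {name}")
    body = name[len("TLS_"):]
    if "_WITH_" in body:                       # TLS 1.2 (and older) naming
        kx_auth, cipher_mac = body.split("_WITH_", 1)
        parts = kx_auth.split("_")
        export = "EXPORT" in parts
        parts = [p for p in parts if p != "EXPORT"]
        # A lone "RSA" means static RSA key transport, which also authenticates
        kx = parts[0]
        auth = "_".join(parts[1:]) if len(parts) > 1 else parts[0]
        tls13 = False
    else:                                      # TLS 1.3 naming: cipher + hash only
        kx, auth, export, cipher_mac, tls13 = None, None, False, body, True
    cipher, _, mac = cipher_mac.rpartition("_")  # the last token is the hash
    return CipherSuite(name, tls13, kx, auth, export, cipher, mac)


# Assumed policy: bulk cipher tokens a defender would not want enabled.
WEAK_CIPHER_TOKENS = {"NULL", "RC4", "RC2", "DES", "3DES", "IDEA"}


def audit(suite: CipherSuite) -> List[str]:
    """Return a list of findings; an empty list means the suite passes the policy."""
    findings: List[str] = []
    if suite.export:
        findings.append("export-grade (deliberately weakened) key lengths")
    if suite.authentication == "anon":
        findings.append("anonymous key exchange: no server authentication")
    if not suite.forward_secrecy:
        findings.append("static key exchange: no forward secrecy")
    tokens = set(suite.bulk_cipher.split("_"))
    if tokens & WEAK_CIPHER_TOKENS:
        findings.append(f"weak or absent bulk cipher: {suite.bulk_cipher}")
    if "CBC" in tokens:
        findings.append("CBC mode (MAC-then-encrypt); prefer an AEAD suite such as GCM")
    if suite.mac == "MD5":
        findings.append("MD5-based MAC")
    elif suite.mac == "SHA":
        findings.append("SHA-1-based MAC (legacy)")
    return findings


def build_server_preference(candidates: List[str]) -> List[str]:
    """Keep only suites with no findings, TLS 1.3 suites first (order otherwise kept)."""
    clean = [s for s in candidates if not audit(parse_cipher_suite(s))]
    return sorted(clean, key=lambda s: not parse_cipher_suite(s).tls13_style)


def negotiate(client_offer: List[str], server_prefs: List[str]) -> Optional[str]:
    """Server-preference selection: the first suite in the server's ordered list
    that the client also offered, or None when there is no common suite."""
    offered = set(client_offer)
    return next((s for s in server_prefs if s in offered), None)


if __name__ == "__main__":
    # Constructed sample data: a client offer mixing modern and legacy suites
    client_offer = [
        "TLS_RSA_WITH_RC4_128_MD5",
        "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
        "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    ]
    server_candidates = [
        "TLS_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
    ]
    for suite_name in client_offer:
        print(suite_name, "->", audit(parse_cipher_suite(suite_name)) or "OK")
    prefs = build_server_preference(server_candidates)
    print("server preference:", prefs)
    print("negotiated:", negotiate(client_offer, prefs))
```

In the sample run the server's audited preference list contains only AEAD suites with forward secrecy; since the client did not offer the TLS 1.3 suite, the negotiated result is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, and the legacy RC4 and 3DES offers are never selectable regardless of the client's ordering.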