Cipher Suite Explained Component by Component
Source: Dev.to

Key Exchange
Determines how the client and server exchange keys.
- DH / DHE – Diffie‑Hellman (Ephemeral) – short‑lived keys
- ADH – Anonymous Diffie‑Hellman
- ECDHE – Elliptic Curve Diffie‑Hellman Ephemeral
- RSA – RSA key exchange
Authentication
Digital signature algorithms used to confirm that the client is communicating with the intended server. The server sends its certificate (containing the public key) to the client.
- RSA
- ECDSA – Elliptic Curve Digital Signature Algorithm
Bulk Encryption Cipher
Encrypts the data being transmitted. Two families of ciphers are used:
Stream Cipher
Operates on data one byte at a time, converting a shared key into a keystream that encrypts plaintext. The remote end generates the same keystream to decrypt.
Block Cipher
Operates on fixed‑size blocks of data. While stream ciphers are generally faster, block ciphers provide stronger security.
Common block ciphers:
- DES – 56‑bit key, 8‑byte blocks
- TDES (Triple DES) – 168‑bit key, 8‑byte blocks
- AES – 128‑bit block size (16 bytes), key sizes of 128, 192, or 256 bits
Example: AES (Advanced Encryption Standard)
Refer to Wikipedia for more details on bulk encryption algorithms.
Hash or MAC
A MAC (Message Authentication Code) verifies the legitimacy and integrity of transmitted data, ensuring it has not been altered or tampered with.
- SHA family (e.g., SHA‑256)
- MD5 (now considered weak)
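
The four components above map directly onto the fields of an IANA-style TLS suite name (`TLS_<key exchange>_<authentication>_WITH_<bulk cipher>_<hash>`). The parser below is an added example, not code from the original article; the function names and the finding texts are this example's own, and the sample suite names are inputs chosen for illustration.

```python
# Added example: split IANA-style TLS suite names into the page's four parts.

def parse_suite(name):
    """Return key exchange, authentication, bulk cipher and hash/MAC."""
    body = name[4:] if name.startswith("TLS_") else name
    if "_WITH_" in body:
        left, rest = body.split("_WITH_", 1)
        parts = left.split("_")
        # A lone "RSA" means RSA does both key exchange and authentication.
        kx, auth = parts[0], (parts[1] if len(parts) > 1 else parts[0])
    else:
        # TLS 1.3 names carry only the bulk cipher and the hash.
        kx, auth, rest = None, None, body
    cipher, _, tail = rest.rpartition("_")
    if not tail.startswith(("SHA", "MD5")):
        cipher, tail = rest, None  # e.g. AES_128_CCM has no hash suffix
    # For AEAD ciphers (GCM, CCM) the trailing hash is used for key
    # derivation; integrity comes from the cipher mode itself.
    return {"kx": kx, "auth": auth, "cipher": cipher, "mac": tail}


def findings(name):
    """Notes a reviewer would raise for one suite name."""
    s, notes = parse_suite(name), []
    if s["auth"] == "anon":
        notes.append("anonymous key exchange: server is not authenticated")
    elif s["kx"] in ("RSA", "DH", "ECDH"):
        notes.append("non-ephemeral key exchange: no forward secrecy")
    if s["cipher"].startswith("DES_"):
        notes.append("DES: 56-bit key")
    if s["mac"] == "MD5":
        notes.append("MD5: considered weak")
    return notes


# Sample inputs chosen for this example (all are registered suite names).
SAMPLES = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_DES_CBC_SHA",
    "TLS_DH_anon_WITH_RC4_128_MD5",
    "TLS_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CCM",
]

if __name__ == "__main__":
    for suite in SAMPLES:
        print(suite, parse_suite(suite), findings(suite))
```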