Cipher suite
Encyclopedia
A cipher suite is a named combination of authentication
, encryption
, and message authentication code
(MAC) algorithm
s used to negotiate the security settings for a network connection using the Transport Layer Security
(TLS) or Secure Sockets Layer (SSL) network protocol.
The structure and use of the cipher suite concept is defined in the documents that define the protocol (RFC 5246 standard for TLS version 1.2). A reference for named cipher suites is provided in RFC 2434, the TLS Cipher Suite Registry.
, known as the TLS Handshake Protocol, occurs. Within this handshake, a client hello (ClientHello) and a server hello (ServerHello) message is passed. (RFC 5246, p. 37) First, the client sends a cipher suite list, a list of the cipher suites that it supports, in order of preference. Then the server replies with the cipher suite that it has selected from the client cipher suite list. (RFC 5246, p. 40)
In order to test which TLS ciphers that a server supports an SSL/TLS Scanner may be used.
(MAC) algorithm, and a pseudorandom function
(PRF). (RFC 5246, p. 40)
, SRP
, PSK
authentication: RSA, DSA
, ECDSA
bulk ciphers: RC4, Triple DES
, AES
, IDEA
, DES
, or Camellia
. In older versions of SSL, RC2
was also used.
message authentication: for TLS, a Hash-based Message Authentication Code
using MD5
or one of the SHA hash functions
is used. For SSL, SHA
, MD5
, MD4
, and MD2 are used.
CipherSuite cipher_suites: a list of the cryptographic options supported by the client (RFC 5246, p. 41)
CipherSuite cipher_suite: the cipher suite selected by the server and revealed in the ServerHello message (RFC 5246, p. 42-43, 64)
Authentication
Authentication is the act of confirming the truth of an attribute of a datum or entity...
, encryption
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
, and message authentication code
Message authentication code
In cryptography, a message authentication code is a short piece of information used to authenticate a message.A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC...
(MAC) algorithm
Algorithm
In mathematics and computer science, an algorithm is an effective method expressed as a finite list of well-defined instructions for calculating a function. Algorithms are used for calculation, data processing, and automated reasoning...
s used to negotiate the security settings for a network connection using the Transport Layer Security
Transport Layer Security
Transport Layer Security and its predecessor, Secure Sockets Layer , are cryptographic protocols that provide communication security over the Internet...
(TLS) or Secure Sockets Layer (SSL) network protocol.
The structure and use of the cipher suite concept is defined in the documents that define the protocol (RFC 5246 standard for TLS version 1.2). A reference for named cipher suites is provided in RFC 2434, the TLS Cipher Suite Registry.
Use
When a TLS connection is established, a handshakingHandshaking
In information technology, telecommunications, and related fields, handshaking is an automated process of negotiation that dynamically sets parameters of a communications channel established between two entities before normal communication over the channel begins...
, known as the TLS Handshake Protocol, occurs. Within this handshake, a client hello (ClientHello) and a server hello (ServerHello) message is passed. (RFC 5246, p. 37) First, the client sends a cipher suite list, a list of the cipher suites that it supports, in order of preference. Then the server replies with the cipher suite that it has selected from the client cipher suite list. (RFC 5246, p. 40)
In order to test which TLS ciphers that a server supports an SSL/TLS Scanner may be used.
Detailed description
Each named cipher suite defines a key exchange algorithm, a bulk encryption algorithm, a message authentication codeMessage authentication code
In cryptography, a message authentication code is a short piece of information used to authenticate a message.A MAC algorithm, sometimes called a keyed hash function, accepts as input a secret key and an arbitrary-length message to be authenticated, and outputs a MAC...
(MAC) algorithm, and a pseudorandom function
Pseudorandom function
In cryptography, a pseudorandom function family, abbreviated PRF, is a collection of efficiently-computable functions which emulate a random oracle in the following way: no efficient algorithm can distinguish between a function chosen randomly from the PRF family and a random oracle...
(PRF). (RFC 5246, p. 40)
- The key exchange algorithm is used to determine if and how the client and server will authenticate during the handshake. (RFC 5246, p. 47).
- The bulk encryption algorithm is used to encrypt the message stream. It also includes the key size and the lengths of explicit and implicit initialization vectorInitialization vectorIn cryptography, an initialization vector is a fixed-size input to a cryptographic primitive that is typically required to be random or pseudorandom...
s (cryptographic nonceCryptographic nonceIn security engineering, nonce is an arbitrary number used only once to sign a cryptographic communication. It is similar in spirit to a nonce word, hence the name. It is often a random or pseudo-random number issued in an authentication protocol to ensure that old communications cannot be reused...
s). (RFC 5246, p. 17) - The message authentication code (MAC) algorithm is used to create the message digest, a cryptographic hash of each blockBlock (telecommunications)In telecommunications a block is one of:* A group of bits or digits that is transmitted as a unit and that may be encoded for error-control purposes....
of the message stream. (RFC 5246, p. 17) - The pseudorandom function (PRF) is used to create the master secret, a 48-byte secret shared between the two peers in the connection. The master secret is used as a source of entropy when creating session keys, such as the one used to create the MAC. (RFC 5246, p. 16-17, 26)
Examples of algorithms used
key exchange: RSA, Diffie-Hellman, ECDHElliptic Curve Diffie-Hellman
Elliptic curve Diffie–Hellman is a key agreement protocol that allows two parties, each having an elliptic curve public-private key pair, to establish a shared secret over an insecure channel. This shared secret may be directly used as a key, or better yet, to derive another key which can then be...
, SRP
Secure remote password protocol
The Secure Remote Password protocol is a password-authenticated key agreement protocol.- Overview :The SRP protocol has a number of desirable properties: it allows a user to authenticate themselves to a server, it is resistant to dictionary attacks mounted by an eavesdropper, and it does not...
, PSK
Pre-shared key
In cryptography, a pre-shared key or PSK is a shared secret which was previously shared between the two parties using some secure channel before it needs to be used. To build a key from shared secret, the key derivation function should be used. Such systems almost always use symmetric key...
authentication: RSA, DSA
Digital Signature Algorithm
The Digital Signature Algorithm is a United States Federal Government standard or FIPS for digital signatures. It was proposed by the National Institute of Standards and Technology in August 1991 for use in their Digital Signature Standard , specified in FIPS 186, adopted in 1993. A minor...
, ECDSA
Elliptic Curve DSA
The Elliptic Curve Digital Signature Algorithm is a variant of the Digital Signature Algorithm which uses Elliptic curve cryptography.-Key and signature size comparison to DSA:...
bulk ciphers: RC4, Triple DES
Triple DES
In cryptography, Triple DES is the common name for the Triple Data Encryption Algorithm block cipher, which applies the Data Encryption Standard cipher algorithm three times to each data block....
, AES
Advanced Encryption Standard
Advanced Encryption Standard is a specification for the encryption of electronic data. It has been adopted by the U.S. government and is now used worldwide. It supersedes DES...
, IDEA
International Data Encryption Algorithm
In cryptography, the International Data Encryption Algorithm is a block cipher designed by James Massey of ETH Zurich and Xuejia Lai and was first described in 1991. As a block cipher, it is also symmetric. The algorithm was intended as a replacement for the Data Encryption Standard[DES]...
, DES
Data Encryption Standard
The Data Encryption Standard is a block cipher that uses shared secret encryption. It was selected by the National Bureau of Standards as an official Federal Information Processing Standard for the United States in 1976 and which has subsequently enjoyed widespread use internationally. It is...
, or Camellia
Camellia (cipher)
In cryptography, Camellia is a 128-bit block cipher jointly developed by Mitsubishi and NTT. The cipher has been approved for use by the ISO/IEC, the European Union's NESSIE project and the Japanese CRYPTREC project...
. In older versions of SSL, RC2
RC2
In cryptography, RC2 is a block cipher designed by Ron Rivest in 1987. "RC" stands for "Ron's Code" or "Rivest Cipher"; other ciphers designed by Rivest include RC4, RC5 and RC6....
was also used.
message authentication: for TLS, a Hash-based Message Authentication Code
HMAC
In cryptography, HMAC is a specific construction for calculating a message authentication code involving a cryptographic hash function in combination with a secret key. As with any MAC, it may be used to simultaneously verify both the data integrity and the authenticity of a message...
using MD5
MD5
The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
or one of the SHA hash functions
SHA hash functions
In cryptography, SHA-1 is a cryptographic hash function designed by the United States National Security Agency and published by the United States NIST as a U.S. Federal Information Processing Standard. SHA stands for "secure hash algorithm". The three SHA algorithms are structured differently and...
is used. For SSL, SHA
Sha
For other uses, see Sha .Sha is a letter of the Cyrillic alphabet. It commonly represents the voiceless postalveolar fricative , like the pronunciation of ⟨sh⟩ in "sheep", or the somewhat similar voiceless retroflex fricative . It is used in every variation of the Cyrillic alphabet, for Slavic and...
, MD5
MD5
The MD5 Message-Digest Algorithm is a widely used cryptographic hash function that produces a 128-bit hash value. Specified in RFC 1321, MD5 has been employed in a wide variety of security applications, and is also commonly used to check data integrity...
, MD4
MD4
The MD4 Message-Digest Algorithm is a cryptographic hash function developed by Ronald Rivest in 1990. The digest length is 128 bits. The algorithm has influenced later designs, such as the MD5, SHA-1 and RIPEMD algorithms....
, and MD2 are used.
Programming references
Programatically, a cipher suite is referred to as:CipherSuite cipher_suites: a list of the cryptographic options supported by the client (RFC 5246, p. 41)
CipherSuite cipher_suite: the cipher suite selected by the server and revealed in the ServerHello message (RFC 5246, p. 42-43, 64)