Cipher Suite

A cipher suite , pronunciation : [ ˈsɑɪ · fər swiːt ], (German cipher collection ) is a standardized collection of cryptographic procedures, for example for encryption. One example of this is NSA Suite B Cryptography , which defines algorithms and protocols suitable for working in the government environment.

In the Transport Layer Security (TLS) protocol , the Cipher Suite specifies which algorithms are to be used to establish a secure data connection. Each cipher suite identifies a combination of four algorithms:

• Key exchange , e.g. E.g .: RSA , DH (also ADH, ECDH ), PSK , SRP
• Authentication , e.g. RSA , DSA (also ECDSA ), PSK
• Encryption (none, RC4 , DES , 3DES , IDEA , AES , ChaCha20 )
• Hash function ( MD5 , SHA )

The RFC 2246 specification defines certain cipher suites that can or must be supported by TLS clients and servers. Each of these cipher suites consists of two bytes and is uniquely named. For example, the name "TLS_RSA_WITH_3DES_EDE_CBC_SHA" (byte sequence 0x00,0x0a) designates a cipher suite that uses RSA for key exchange and authentication, and 3DES in CBC mode for encryption and SHA as a hash function. RFC 3268 extends the TLS protocol to include AES.

literature

• Eric Rescorla: SSL and TLS. Designing and Building Secure Systems . Addison-Wesley, Amsterdam 2001, ISBN 978-0-201-61598-2 . 
• Current guideline BSI TR-02102-2 "Cryptographic procedures: Use of Transport Layer Security (TLS)" , with a list of the recommended cipher suites for TLS 1.2 and 1.3; Status: February 2019