Cipher suites are sets of instructions on how to secure a network through SSL (Secure Sockets Layer) or TLS (Transport Layer Security). As such, cipher suites provide essential information on how to communicate secure data when using HTTPS, FTPS, SMTP and other network protocols. This information takes the form of algorithms and protocols that help determine how a web server secures a client’s web traffic. Cipher suites dictate which of these algorithms the server should use to make a secure and reliable connection. But it’s important to remember that cipher suites do not just ensure the security, but also the compatibility and performance of HTTPS connections. So, you should choose yours wisely.
How do cipher suites work?
Cipher suites come into play before a client application and server exchange information over an SSL/TLS connection. As noted by JSCAPE, the client application initiates what is known as an SSL handshake. Part of that process involves notifying the server which cipher suites it supports. The server receives that information and compares the cipher suites supported by the client application with the algorithms it supports. If and when it finds a match of supported methods, the server notifies the client application and a secure connection is established. If it doesn’t find a match, the server refuses the connection.
Because your web server will ultimately determine the cipher suite that will be used, it’s important that you prioritize the list of cipher suites you list on the server. In the section below, we’ll outline the component algorithms that make up a cipher suite, so you can better understand the function of the ciphers you list on your web server. Your choice will also likely be influenced by your users and the technologies they are using.
PKI: Are You Doing It Wrong?
What Makes Up a Cipher Suite?
Per Outspoken Media, there are four components that make up a cipher suite. These are as follows:
Key exchange algorithm
For the insurance of data confidentiality during the transmission of data via different secure file transfer protocols like SFTP & HTTPS, the data has to be encrypted. This process requires that the two communicating parties have a shared key to both encrypt as well as decrypt the data. This type of encryption scheme is known as symmetric encryption.
Symmetric encryption does have its weaknesses, however. If attackers are able to get the shared key, then they can easily decrypt all the data. As a result, the industry developed key exchange protocols for the secure exchange of symmetric keys over insecure networks. These protocols are known as key exchange algorithms and include RSA, DH, ECDH and ECDHE.
Authentication algorithm
To ensure the correct and secure transfer of data, a web server needs to verify the identity of the user who is receiving the data. Usually, this process involves the user inputting a set of credentials including a username and password. To facilitate this authentication process, cipher suites employ an authentication algorithm such as RSA, DSA and ECDSA.
Bulk data encryption
To ensure the secure transfer of data, cipher suites come with a bulk data encryption algorithm. AES, 3DES and CAMELLA are some of the most common algorithms in this category. As noted by Microsoft, a bulk encryption key is generated by hashing one of the MAC keys using CryptHashSessionKey together with the message contents and other data.
Message Authentication Code (MAC) algorithm
Message Authentication Code (MAC) algorithm is a piece of information that is sent along with the message content for the purpose of authenticating the message. The sender and the receiver share a common key for the MAC algorithm to work. But this method comes with a disadvantage: it can’t protect against the intentional change of authentication codes. In certain cases, an intruder could change the message, then calculate a new checksum and eventually replace the original checksum with a new value. An ordinary cyclic redundancy check (CRC) algorithm can help, but it’s useful for detecting only randomly damaged parts of messages and not intentional changes made by the attacker. Some of the most common examples of this algorithm are SHA and MD5.
What a Cipher Suite Looks Like
Put together, here is an example of a cipher suite name: DHE_RSA_AES256_SHA256. This particular cipher suite uses DHE for its key exchange algorithm, RSA as its authentication algorithm, AES256 for its bulk data encryption algorithm, and SHA256 for its Message Authentication Code (MAC) algorithm.
Weaknesses Related to Cipher Suites
Several network-level vulnerabilities have emerged in the past. Among them were SSL/TLS-based vulnerabilities like Heartbleed and POODLE. To mitigate these vulnerabilities, organizations should use different versions of available cipher suites or disable the acceptance of vulnerable suites. For example, to defend against POODLE, SSLv3 needs to be disabled. Disabling cipher suites can sometimes result in compatibility issues, but JSCAPE points out that most of the major web browsers update their cipher suites following the release of an SSL/TLS-based vulnerability anyway. Organizations should therefore advise web users to install the latest software patches in order to avoid compatibility issues.
Cipher Suites supported in TLS 1.2 and TLS 1.3
TLS 1.2, version of TLS that has had the highest adoption rates, has 37 ciphers in total. However, not all of them are safe enough to use. So, the recommended cipher suites has been pared down to the following:
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA
- TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
- TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
TLS 1.3 was developed to resolve one of the most significant downsides of TLS 1.2: the time it took to process the SSL/TLS handshake. TLS 1.3 eliminated the RSA algorithm, which used large cryptographic keys to encrypt and decrypt data. So, SSL cipher suites no longer list the type of certificate—either RSA or ECDSA—and the key exchange mechanism—DHE or ECDHE. That dramatically reduces the SSL cipher suite list for TLS 1.3, where there are now five recommended SSL cipher suites:
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
- TLS_AES_128_CCM_8_SHA256
- TLS_AES_128_CCM_SHA256
Going Beyond Cipher Suites
Of course, cipher suites are just one method of security that organizations should employ. Companies also need to make sure they defend the SSL/TLS certificates against digital attackers. To achieve this level of protection, organizations should consider investing in a solution that helps them automatically discover all of their encryption keys and certificates, monitor those assets for signs of misuse, revoke a compromised asset and renew certificates before their expiration period arrives.
(Note: This updated post was originally published on March 19, 2019.)