Cypher Suite
Set of algorithms that help secure a network connection.
Suites typically use Transport Layer Security
Contents of suite
A suite contains
- a key exchange algorithm: ECDHE , RSA
- authentication algorithm during handshake: RSA, ECDSA
- block encryption algorithm: AES
- hash function for HMAC and HKDF: SHA, MD5
Support in TLS
Till TLS 1.2, multiple combination of cypher suites were supported such as
- ECDHE-RSA-AES256-GCM-SHA256
- ECDHE-ECDSA-AES128-SHA
From TLS 1.3, support for many of the existing cypher suites have been dropped. Also, the cypher suite now only contains
- the record protection (symmetric encryption) algorithm (including secret key length)
- a hash to be used with both the HKDF and HMAC.
Example of TLS1.3 cypher suites:
- TLS_AES_128_GCM_SHA256
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
Support for many of the legacy RSA based and DH algorithms were removed.
It looks like TLS 1.3 is pushing towards to use of elliptical curve based algorithms, like ECDHE and ed25519 (EdDSA). TLS1.3 mandates forward secracy for all connections.
Many popular sites now use X25519 with AES_256_GCM as cypher suite.
See this for list of supported signature algorithm in the TLS 1.3
Also see this for list of supported key exchange algorithms.