Glossary of Security Terms: Cipher Suite

A cipher suite is a combination of a key exchange algorithm, authentication method, bulk encryption cipher, and message authentication code.

In a cryptosystem like TLS, the client and server must agree on a cipher suite before they can begin communicating securely.  A typical cipher suite looks like ECDHE_RSA_WITH_AES_128_GCM_SHA256 or ECDHE-RSA-AES128-GCM-SHA256, indicating:

• ECDHE (elliptic curve Diffie-Hellman ephemeral) for key exchange
• RSA for authentication
• AES-128 as the cipher, with Galois/Counter Mode (GCM) as the block cipher mode of operation
• SHA-256 as the hash-based message authentication code (HMAC)

Learn more

• Mozilla recommended cipher suite choices for TLS

View Previous Terms:

• Block cipher mode of operation
• Certificate authority
• Challenge-response authentication
• Cipher
• Ciphertext
• CORS
• CORS-safelisted request header
• CORS-safelisted response header
• Cross-site scripting
• Cryptanalysis
• Cryptographic hash function
• Cryptography
• CSP
• CSRF
• Decryption
• Digital certificate
• DTLS (Datagram Transport Layer Security)
• Encryption
• Forbidden header name
• Forbidden response header name
• Hash
• HMAC
• HPKP
• HSTS
• HTTPS
• Key
• MitM
• OWASP
• Preflight request
• Public-key cryptography
• Reporting directive
• Robots.txt
• Same-origin policy
• Session Hijacking
• SQL Injection
• Symmetric-key cryptography
• TOFU
• Transport Layer Security (TLS)

Credits

• Source: https://developer.mozilla.org/en-US/docs/Glossary/Cipher_suite
• Published under Open CC Attribution ShareAlike 3.0 license