TLS Cipher Suites Overview
What is a TLS cipher suite
- TLS cipher suite: a complete set of methods (algorithms) needed to secure a network connection through TLS.
- TLS cipher suites: the group of cipher suites offered by the SSL client in the Client Hello.
- TLS 1.2 Cipher Suite combination:
- Key Exchange Algorithm (RSA, DH, ECDH, DHE, ECDHE, PSK)
- > Dictates the manner by which symmetric keys will be exchanged
- Authentication/Digital Signature Algorithm (RSA, ECDSA, DSA)
- > Dictates how server authentication and (if needed) client authentication will be carried out.
- Bulk Encryption Algorithm (AES, CHACHA20, Camellia, ARIA)
- > Dictates which symmetric key algorithm will be used to encrypt the actual data.
- Message Authentication Code Algorithm (SHA-256, POLY1305)
- > Dictates the method the connection will use to carry out data integrity checks.
Example of TLS 1.2 cipher suite
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS is the protocol
- ECDHE is the key exchange algorithm
- ECDSA is the authentication/signature algorithm
- AES_128_GCM is the bulk encryption algorithm
- AES with 128-bit key using GCM (Galois/Counter Mode) as mode of operation
- SHA256 is the MAC / hash algorithm
- SHA with a 256-bit digest (a hash function takes no key)
The most secure algorithms are:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
They have Perfect Forward Secrecy and Authenticated Encryption.
The mid-secure (warning) algorithms are:
- TLS_ECDHE_ECDSA_WITH_RC4_128_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_RC4_128_SHA
- TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
They have Perfect Forward Secrecy but no Authenticated Encryption.
The dangerous algorithms are:
- TLS_RSA_WITH_RC4_128_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
They have no Perfect Forward Secrecy.
Example of TLS 1.3 cipher suite
TLS_AES_256_GCM_SHA384
- TLS is the protocol
- AES_256_GCM is the bulk encryption algorithm
- AES with 256-bit key using GCM (Galois/Counter Mode) as mode of operation
- SHA384 is the MAC / hash algorithm
- SHA with a 384-bit digest (a hash function takes no key)
- Signature algorithms are now negotiated independently, no longer listed in the cipher suite
- There are two extensions for indicating which signature algorithms may be used in digital signatures
- > “signature_algorithms_cert” extension
- > “signature_algorithms” extension
- It supports RSA and ECDSA
- Key exchange algorithms are now negotiated independently, using the “supported_groups” extension
- It supports ECDHE and DHE
TLS 1.3 has eliminated:
- SSL Compression
- Static key exchange functions
- Block ciphers (CBC)
- Non-AEAD ciphers (MAC-then-Encrypt)
- Renegotiation of encryption parameters
It’s also dropped support for older, vulnerable SSL ciphers like:
- RC4, DSA, MD5, SHA1
- Weak Elliptic Curves, RSA Key Exchange, Static Diffie-Hellman (DH, ECDH)
Recommended cipher suites list
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
- TLS_AES_128_GCM_SHA256
- TLS_AES_128_CCM_8_SHA256
- TLS_AES_128_CCM_SHA256
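The three TLS 1.2 tiers above depend on two properties that can be read from the suite name: whether the key exchange is ephemeral (Perfect Forward Secrecy) and whether the bulk cipher is an AEAD. The following Python is an added example, not code from the original page; the function names and the sample list are assumptions, and TLS 1.3 names are placed in the top tier because the page states that TLS 1.3 eliminated static key exchange and non-AEAD ciphers.

```python
import re

# Ephemeral key exchanges give PFS; these markers identify AEAD bulk ciphers.
PFS_KEY_EXCHANGES = {"ECDHE", "DHE"}
AEAD_MARKERS = ("GCM", "CCM", "CHACHA20_POLY1305")

def parse_suite(name):
    """Split a suite name into key exchange, authentication, cipher and hash."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not a TLS suite name: {name!r}")
    body = name[len("TLS_"):]
    if "_WITH_" in body:                      # TLS 1.2 layout
        kx_auth, rest = body.split("_WITH_", 1)
        kx, _, auth = kx_auth.partition("_")
        auth = auth or kx                     # TLS_RSA_...: RSA does both jobs
    else:                                     # TLS 1.3 layout: cipher and hash only
        kx, auth, rest = None, None, body
    # The hash is the trailing token; the page's CHACHA20_POLY1305 names have none.
    m = re.fullmatch(r"(.+)_(SHA\d*|MD5)", rest)
    cipher, digest = (m.group(1), m.group(2)) if m else (rest, None)
    return {"kx": kx, "auth": auth, "cipher": cipher, "hash": digest}

def classify(name):
    """Return 'secure', 'warning' or 'dangerous' using the page's criteria."""
    s = parse_suite(name)
    # kx is None only for TLS 1.3 names (assumed ephemeral, per the page).
    pfs = s["kx"] is None or s["kx"] in PFS_KEY_EXCHANGES
    aead = any(marker in s["cipher"] for marker in AEAD_MARKERS)
    if pfs and aead:
        return "secure"
    return "warning" if pfs else "dangerous"

def audit(configured):
    """Group a configured suite list by tier, preserving order."""
    report = {"secure": [], "warning": [], "dangerous": []}
    for name in configured:
        report[classify(name)].append(name)
    return report

# Constructed sample: a server cipher list that mixes all three tiers.
SAMPLE_CONFIG = [
    "TLS_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```

Note that `TLS_RSA_WITH_AES_128_GCM_SHA256` lands in the dangerous tier even though it uses an AEAD cipher, because the static RSA key exchange provides no forward secrecy.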