SSL/TLS Cipher Suite

A cipher suite specifies one algorithm for each of the following tasks:

  • Key exchange
  • Bulk encryption
  • Message authentication

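A suite name lists the chosen algorithms in that order, so you may see something like PSK-AES-SHA256: PSK for key exchange, AES for bulk encryption and SHA256 for message authentication.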

Key exchange algorithms

Key exchange algorithms protect information required to create shared keys. These algorithms are asymmetric (public key algorithms) and perform well for relatively small amounts of data.

Examples

We have targeted the 128-bit symmetric-equivalent security level, taking the following key lengths for each algorithm [1]:

  • RSA (3072-bit)
  • Diffie-Hellman (3072-bit)
  • Elliptic curve Diffie-Hellman (NIST P-256, which has a 256-bit key length)
  • Curve25519 (key length is fixed at 256 bits)

Bulk encryption algorithms

Bulk encryption algorithms encrypt messages exchanged between clients and servers. These algorithms are symmetric and perform well for large amounts of data.

Message authentication algorithms

Message authentication algorithms generate message hashes and signatures that ensure the integrity of a message.
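
As an added example (not part of the original page), the following Python code splits a cipher suite name into the three tasks described above, which is useful when reviewing a server's configured suite list. It assumes the IANA naming scheme (TLS_..._WITH_...) rather than the shorter hyphenated form shown earlier; the function name parse_suite and the sample names are choices made for this example.

```python
# Added example: decompose IANA-style TLS cipher suite names.
HASHES = {"MD5", "SHA", "SHA256", "SHA384"}
AEAD_MODES = ("GCM", "CCM", "POLY1305")

def parse_suite(name):
    """Split an IANA cipher suite name into the three tasks of a suite."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {name!r}")
    body = name[len("TLS_"):]
    if "_WITH_" in body:
        # TLS 1.2 and earlier: the field before _WITH_ names the key
        # exchange (and authentication) method, e.g. ECDHE_RSA or PSK.
        key_exchange, rest = body.split("_WITH_", 1)
    else:
        # TLS 1.3: key exchange is negotiated separately from the suite.
        key_exchange, rest = None, body
    tokens = rest.split("_")
    # The trailing hash token is optional (e.g. ..._WITH_AES_128_CCM_8).
    digest = tokens.pop() if len(tokens) > 1 and tokens[-1] in HASHES else None
    cipher = "_".join(tokens)
    if any(mode in cipher for mode in AEAD_MODES):
        # AEAD ciphers authenticate each record themselves; the hash in
        # the name is used for key derivation, not as a record MAC.
        mac = "AEAD"
    elif digest:
        mac = "HMAC-" + ("SHA1" if digest == "SHA" else digest)
    else:
        mac = None
    return {"key_exchange": key_exchange, "bulk_encryption": cipher,
            "message_authentication": mac, "hash": digest}

# Sample names chosen for this example, not taken from the page.
SAMPLES = [
    "TLS_PSK_WITH_AES_128_CBC_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for suite in SAMPLES:
        print(suite, parse_suite(suite))
```

Note that the suite name does not carry the key length of the key exchange algorithm, so the 3072-bit and 256-bit targets listed above have to be checked against the certificate and group configuration separately.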

Reference