SSL Cipher Suites – Basics and Use Cases
When a message is sent across a network connection, TLS/SSL is normally used to encrypt the data in the message. The connection is created by a TLS Handshake. During that Handshake, the client and server exchange their available cipher suites to ensure both sides use the same ciphers.
How does a TLS handshake work?

- Client Hello
The client hello stage involves the client sending a request to the server to communicate. The TLS version, cipher suites supported, and a string of random bytes known as the “client random” are included in the hello.
- Server Hello
In the server hello, the server acknowledges the client hello and ensures it is using a TLS version that is compatible with the client TLS version. The server also selects a compatible cipher suite from the ones offered by the client, and sends its certificate, the server random (similar to the client random), and the public key to the client.
- Certificate Validation
The validity of the server’s certificate is then checked by the client through the certificate authority. The certificate authority, or CA, is a highly trusted entity given the responsibility of signing and generating digital certificates.
- Pre-Master String
In this stage, the client encrypts a random string of bytes, called the “Pre-Master String”, with the server’s public key and sends it to the server. This ensures that only the server can decrypt it, using its own private key, which adds an extra layer of security to the process.
- Session Key Creation
The server then decrypts the pre-master string, and both the client and server create session keys from the client random, the server random, and the pre-master string.
- Finished Messaging
Finally, the client and server send each other messages saying they have finished creating their keys, and they compare keys with each other. If the session keys match, the TLS Handshake is completed, and the session keys are used to encrypt and decrypt any data sent between the server and client.
Now that we understand how a TLS Handshake works, we can focus on cipher suites in a TLS Handshake specifically.
Cipher Suites
- Key Exchange Algorithm
Exchanging information requires either a secure connection over which unencrypted data can be sent, or a key shared between the client and server. This key will be used by the client to encrypt data and by the server to decrypt that data. Since one key is used for both encryption and decryption, symmetric encryption is being used. To share that key, an algorithm called the key exchange algorithm was created to encrypt the symmetric encryption key in transfer. This ensures the integrity of the data as well as the security of the symmetric encryption key. The key exchange algorithm is an encryption algorithm shared between client and server so each side of the connection can decrypt and use the symmetric encryption key. RSA, DH, ECDH and ECDHE are all examples of key exchange algorithms.
- Authentication Algorithm
This algorithm is a way of ensuring the identity of the sender. Usually a password and username are used in the process of authenticating the client. The most common authentication algorithms are RSA, DSA and ECDSA.
- Bulk Data Encryption Algorithm
The bulk data encryption algorithm is the algorithm used to encrypt the central data of the message. As the main part of the message is what attackers are attempting to steal or modify, the algorithm used here should be extremely secure. AES, 3DES and Camellia are the most common bulk data encryption algorithms used by cipher suites.
- Message Authentication Code (MAC) Algorithm
The MAC is a section of information sent along to authenticate the client. The MAC algorithm is the algorithm used to encrypt the MAC. The server compares the MAC it receives with the MAC it calculates to ensure they match. Normally a Cyclic Redundancy Check algorithm, or CRC, is used with a MAC to check for damaged portions of the message, but a CRC cannot protect against intentional changes to the MAC. If an attacker obtains the message, changes the MAC, and calculates a new checksum, then the server will never know that the MAC was changed. SHA and MD5 are the most commonly used MAC algorithms.
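The four parts described above can be read directly off a cipher suite's IANA name. The following Python sketch is an added example, not code from the original article: the suite names in `OFFERED` are a constructed sample, and the flagging policy in `review` (static RSA/DH/ECDH key exchange, 3DES, MD5) is an assumption of this example, not a rule stated on the page.

```python
# Constructed sample: IANA-style names a client might list in its Client Hello.
OFFERED = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    "TLS_DHE_DSS_WITH_CAMELLIA_128_CBC_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_AES_128_GCM_SHA256",  # TLS 1.3 style name
]

def parse_suite(name):
    """Split a suite name into key exchange, authentication, cipher, MAC/hash."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {name}")
    body = name[len("TLS_"):]
    if "_WITH_" not in body:
        # TLS 1.3 names carry only cipher + hash; key exchange and
        # authentication are negotiated separately, so they are unknown here.
        cipher, _, digest = body.rpartition("_")
        return {"kx": None, "auth": None, "cipher": cipher, "mac": digest}
    left, right = body.split("_WITH_", 1)
    kx, _, auth = left.partition("_")
    auth = auth or kx  # TLS_RSA_WITH_...: RSA does key exchange and authentication
    cipher, _, digest = right.rpartition("_")
    return {"kx": kx, "auth": auth, "cipher": cipher, "mac": digest}

def review(name):
    """Return findings for one suite under this example's assumed policy."""
    parts = parse_suite(name)
    findings = []
    # Static RSA is the "encrypt the pre-master string with the server's
    # public key" exchange: one stolen private key exposes recorded sessions.
    if parts["kx"] in ("RSA", "DH", "ECDH"):
        findings.append("static key exchange: no forward secrecy")
    if parts["cipher"].startswith("3DES"):
        findings.append("3DES bulk cipher: 64-bit block")
    if parts["mac"] == "MD5":
        findings.append("MD5-based MAC")
    return findings

if __name__ == "__main__":
    for suite in OFFERED:
        print(suite, parse_suite(suite), review(suite) or "ok")
```

In GCM and other AEAD suites the trailing hash names the handshake's key-derivation hash rather than a separate record MAC, so the `mac` field should be read that way for those entries.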
Conclusion
Cipher suites are an integral part of the TLS Handshake, telling the client and server how to encrypt their information for the other to understand. The TLS Handshake, which connects a client and server in a secure connection, is used every day to connect to websites, so ensuring it is the most secure it can be is extremely important. Cipher suites are just one way to ensure safe and trusted connections. Code signing, proper certificate management, and secure SSH keys are all other secure connection methods that must also be implemented properly to ensure the most secure connection to servers.