Cipher suite

What is a cipher suite?

A cipher suite is a set of cryptographic algorithms that together secure data exchanged between devices over a network. It defines the methods used for encryption, authentication, and integrity verification during a connection.

Each component in a cipher suite handles a specific function. For example, the cipher suite TLS_AES_128_GCM_SHA256 breaks down as:

Transport Layer Security (TLS): The protocol governing the connection.
128-bit Advanced Encryption Standard (AES): The encryption algorithm.
Galois/Counter Mode (GCM): The encryption mode, which also provides integrity protection via an authentication tag.
256-bit Secure Hash Algorithm (SHA): The hash algorithm that verifies data has not been altered in transit.

How does a cipher suite work?

Cipher suites operate within the TLS protocol. When a client connects to a server, they go through a TLS handshake to establish how the connection will be protected:

Cipher suite proposal: The client sends the server a list of cipher suites it supports.
Suite selection: The server chooses a compatible suite from that list.
Session keys creation: Using the negotiated parameters, both parties derive temporary session keys to encrypt and verify data for the duration of the session.
Securing the connection: The suite's algorithms govern all subsequent data exchange, providing encryption and integrity.

TLS versions organize cipher suites differently. In TLS 1.2, a cipher suite defines the cryptographic algorithms used for key exchange, bulk encryption, message authentication, and the pseudorandom function (for example, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256).

In TLS 1.3, key exchange and authentication are negotiated separately during the handshake, so the cipher suite defines only the record protection algorithm and the hash used for key derivation and related handshake functions (for example, TLS_AES_128_GCM_SHA256). How a cipher suite works.

Why is a cipher suite important?

Cipher suites help secure online communication by protecting sensitive data (such as login credentials, personal messages, and payment details) as it travels across the internet, reducing the risk of eavesdropping and tampering.

They also help defend against other threats. The negotiated cryptographic protections provide confidentiality and integrity for data in transit, while TLS authentication mechanisms help confirm that a client is communicating with the intended server rather than a fraudulent one. Many modern TLS configurations also support forward secrecy, which helps keep previously transmitted data protected even if a long-term private key is later compromised.

Where is a cipher suite used?

Cipher suites appear in any system or application that uses TLS encryption. This includes HTTPS, some virtual private network (VPN) protocols like OpenVPN, and email services secured with TLS, including Simple Mail Transfer Protocol Secure (SMTPS), Internet Message Access Protocol Secure (IMAPS), and Post Office Protocol 3 Secure (POP3S).

Services like Slack and Microsoft Teams also use TLS to protect data in transit, and enterprise systems use it to secure internal traffic, such as APIs, administrative interfaces, and company web portals. Signal also uses TLS for transport to its service, alongside its separate end-to-end encryption (E2EE) protocol.

Cipher suites were also used in Secure Sockets Layer (SSL), the predecessor to TLS, but SSL is now obsolete and no longer recommended.

Risks and privacy concerns

Systems using TLS 1.3 and strong cipher suites provide high connection security. TLS 1.3 includes built-in downgrade protection that detects attempts to force negotiation to older protocol versions. However, downgrade risks may still arise when systems support legacy TLS versions or weaker settings.

Security risks can also arise when systems permit insecure or outdated cipher suites during connection setup. Weak cipher suites can expose encrypted traffic to interception, manipulation, or authentication exploits.

Cipher suites that lack forward secrecy, such as those using static Rivest-Shamir-Adleman (RSA) key exchange, pose an additional risk. If an attacker later obtains a server's private key, previously recorded traffic may be decrypted.

FAQ

What is the difference between a cipher and a cipher suite?

A cipher is a single algorithm used to encrypt or decrypt data. A cipher suite is a set of cryptographic algorithms that work together in a secure connection, covering encryption, authentication, key exchange, and integrity protection.

How are cipher suites chosen in a TLS connection?

During the Transport Layer Security (TLS) handshake, the client sends a list of supported cipher suites to the server, and the server selects a compatible option for the session.

Are all cipher suites secure?

Not all cipher suites are secure. Some older suites rely on outdated algorithms such as Rivest Cipher 4 (RC4) or Secure Hash Algorithm 1 (SHA-1). Modern Transport Layer Security (TLS) configurations typically disable these suites and prioritize stronger algorithms.

Why are some cipher suites deprecated?

Cipher suites are deprecated when the algorithms they rely on become vulnerable to attacks or fail to meet modern security standards. For example, Rivest Cipher 4 (RC4)-based Transport Layer Security (TLS) cipher suites have been prohibited, and older constructions without forward secrecy or with weak signature support have been phased out in favor of stronger alternatives.

Does a VPN use cipher suites?

Yes, some VPNs use cipher suites, especially Transport Layer Security (TLS)-based protocols like OpenVPN. In these cases, TLS helps authenticate the server and negotiate keys, while the VPN session uses negotiated encryption settings to protect traffic in transit.