Cipher suite
1. Definition
A cipher suite is a concept in the TLS/SSL network protocols. It refers to the combination of encryption algorithms that the server and client use in SSL communication.
2. Usage process
In the early stage of the SSL handshake, the client sends the server a list of the cipher suites it supports. The server selects one suite from that list, according to its own configuration, as the encryption method to be used for the rest of the connection.
3. Examples
The following is a set of cipher suites sent by the client to the server:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (0xc030)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xc028)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xc014)
TLS_RSA_WITH_AES_256_GCM_SHA384 (0x9d)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x3d)
TLS_RSA_WITH_AES_256_CBC_SHA (0x35)
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA (0x84)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xc027)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xc013)
TLS_RSA_WITH_AES_128_GCM_SHA256 (0x9c)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x3c)
TLS_RSA_WITH_AES_128_CBC_SHA (0x2f)
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA (0x41)
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0xa)
TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA (0xc012)
Each entry represents one cipher suite. Take the first entry as an example to interpret the content:
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (0xc02f)
- TLS: Indicates that it is based on the TLS protocol.
- ECDHE: The handshake phase of TLS/SSL uses ECDHE to exchange symmetric keys.
- RSA: Authentication in TLS/SSL uses RSA to verify the signature of the certificate.
- AES_128_GCM: Encryption in TLS/SSL uses AES in GCM mode with a key length of 128 bits.
- SHA256: Hashing uses SHA256; SHA384 and SHA512 are also common.
- 0xc02f: The identifier of the cipher suite. Each cipher suite is identified by a unique number. In terms of openssl, it is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
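The name breakdown above and the selection step from section 2, as an added Python example that is not part of the original page. The function names, the server preference list and the server-order selection policy are assumptions; the client offer is a subset of the list above.

```python
import re

# Constructed sample: a subset of the client list above, as (name, id) pairs.
CLIENT_OFFER = [
    ("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", 0xC02F),
    ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", 0xC014),
    ("TLS_RSA_WITH_AES_256_GCM_SHA384", 0x009D),
    ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", 0x000A),
]

# Hypothetical server configuration, most preferred first.
SERVER_PREFERENCE = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_256_GCM_SHA384",
]

_NAME = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<enc>.+)_(?P<mac>SHA\d*|MD5)$")

def parse_suite(name):
    """Split a TLS_*_WITH_* suite name into the components described above."""
    m = _NAME.match(name)
    if not m:
        raise ValueError(f"not a TLS_*_WITH_* suite name: {name}")
    parts = m["kx"].split("_")
    # A single token before WITH (TLS_RSA_WITH_...) means the same algorithm
    # does both key exchange and authentication.
    kx, auth = parts[0], parts[-1]
    return {
        "key_exchange": kx,
        "authentication": auth,
        "cipher": m["enc"],
        # For CBC suites this is the HMAC hash; for GCM suites, the PRF hash.
        "hash": m["mac"],
        "aead": m["enc"].endswith("_GCM"),   # covers the modes in the list above
        "forward_secrecy": kx in ("ECDHE", "DHE"),
    }

def select_suite(client_offer, server_preference):
    """Return the first server-preferred suite the client offered, else None."""
    offered = {name for name, _ in client_offer}
    for name in server_preference:
        if name in offered:
            return name
    return None  # no common suite: the handshake cannot proceed

if __name__ == "__main__":
    chosen = select_suite(CLIENT_OFFER, SERVER_PREFERENCE)
    print(chosen, parse_suite(chosen))
```
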