Next: Authentication, Up: The TLS Handshake Protocol [Contents][Index]
The TLS cipher suites have slightly different meaning under different protocols. Under TLS 1.3, a cipher suite indicates the symmetric encryption algorithm in use, as well as the pseudo-random function (PRF) used in the TLS session.
Under TLS 1.2 or early the handshake protocol negotiates cipher suites of
a special form illustrated by the TLS_DHE_RSA_WITH_3DES_CBC_SHA
cipher suite name.
A typical cipher suite contains these parameters:
DHE_RSA
in the example.
3DES_CBC
in this example.
MAC_SHA
is used in the above example.
The cipher suite negotiated in the handshake protocol will affect the record protocol, by enabling encryption and data authentication. Note that you should not over rely on TLS to negotiate the strongest available cipher suite. Do not enable ciphers and algorithms that you consider weak.
All the supported ciphersuites are listed in ciphersuites.
MAC stands for Message Authentication Code. It can be described as a keyed hash algorithm. See RFC2104.