Cipher Suites (Key Exchange, Authentication, Encryption, Hash)

#Decoding the Cryptographic DNA#link

A 'Cipher Suite' is not a single algorithm, but a bundle of four different cryptographic tools. When a client and server agree on a suite, they are agreeing on how to exchange keys, how to prove identity, how to encrypt data, and how to ensure integrity.

Anatomy of a TLS 1.2 Cipher Suite

Take the common suite: `TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`. It breaks down as follows: - **TLS**: The protocol. - **ECDHE**: The Key Exchange (Elliptic Curve Diffie-Hellman Ephemeral). - **RSA**: The Authentication (The server uses an RSA certificate). - **AES_128_GCM**: The Bulk Encryption (AES 128-bit in GCM mode). - **SHA256**: The MAC/Hashing algorithm for the PRF (Pseudo-Random Function).

In the output above, the `TLS_RSA_WITH_AES_128_CBC_SHA` suite is flagged as weak because it uses static RSA for key exchange (no PFS) and CBC mode (padding oracles).

The Simplified World of TLS 1.3

TLS 1.3 radically simplified cipher suites. Because it mandates Ephemeral DH and AEAD ciphers, the 'Key Exchange' and 'Authentication' parts were removed from the suite name. A TLS 1.3 suite looks like: `TLS_AES_256_GCM_SHA384`. It only specifies the symmetric cipher and the hash.

Audit and Hardening

When hardening a server, the goal is to implement 'Cipher Suite Order'. The server should be configured to ignore the client's preference and always enforce the strongest mutually supported suite. This prevents 'Bidding Down' attacks.

• ▪Set `ssl_prefer_server_ciphers on;` in Nginx
• ▪Disable all CBC-mode ciphers
• ▪Prioritize ChaCha20 for mobile clients (faster than AES on some ARM CPUs)
• ▪Ensure DH parameters are at least 2048-bit