3.5.1 TLS Cipher Suites
The Handshake Protocol of TLS negotiates cipher suites of the form TLS_DHE_RSA_WITH_3DES_CBC_SHA. The usual cipher suites contain these parameters:
- The key exchange algorithm. DHE_RSA in the example.
- The symmetric encryption algorithm and mode. 3DES_CBC in this example.
- The MAC(11) algorithm used for authentication. MAC_SHA is used in the above example.
The cipher suite negotiated in the handshake protocol will affect the Record Protocol, by enabling encryption and data authentication. Note that you should not over-rely on TLS to negotiate the strongest available cipher suite. Do not enable ciphers and algorithms that you consider weak.
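As an added example (not code from GnuTLS or from this manual), the following C code splits a suite name of the three-part form described above into its key exchange, cipher and MAC components and checks each against a deny list. The names parse_suite and suite_is_weak are hypothetical, and the deny list is an assumed local policy standing in for whatever you consider weak.

```c
#include <string.h>

/* Parts of a suite name of the form TLS_<KX>_WITH_<CIPHER>_<MAC>. */
struct suite { char kx[32], cipher[32], mac[16]; };

/* Split name into its parts: 0 on success, -1 if malformed or too long. */
int parse_suite(const char *name, struct suite *s)
{
    if (strncmp(name, "TLS_", 4) != 0) return -1;
    const char *kx = name + 4, *with = strstr(kx, "_WITH_");
    if (with == NULL || with == kx) return -1;
    const char *cipher = with + 6, *mac = strrchr(cipher, '_'); /* MAC is last */
    if (mac == NULL || mac == cipher || mac[1] == '\0') return -1;
    size_t kxlen = (size_t)(with - kx), clen = (size_t)(mac - cipher);
    if (kxlen >= sizeof s->kx || clen >= sizeof s->cipher ||
        strlen(mac + 1) >= sizeof s->mac) return -1;
    memcpy(s->kx, kx, kxlen);        s->kx[kxlen] = '\0';
    memcpy(s->cipher, cipher, clen); s->cipher[clen] = '\0';
    strcpy(s->mac, mac + 1);
    return 0;
}

/* 1 if tok occurs in part as a whole underscore-delimited token. */
static int has_token(const char *part, const char *tok)
{
    size_t n = strlen(tok);
    for (const char *p = strstr(part, tok); p; p = strstr(p + 1, tok))
        if ((p == part || p[-1] == '_') && (p[n] == '\0' || p[n] == '_'))
            return 1;
    return 0;
}

/* Assumed local policy, not a GnuTLS list: tokens treated as weak here. */
static const char *const weak[] = { "NULL", "anon", "RC4", "DES", "3DES", "MD5" };

/* 1 = has a weak component, 0 = acceptable, -1 = malformed name. */
int suite_is_weak(const char *name)
{
    struct suite s;
    if (parse_suite(name, &s) != 0) return -1;
    for (size_t i = 0; i < sizeof weak / sizeof weak[0]; i++)
        if (has_token(s.kx, weak[i]) || has_token(s.cipher, weak[i]) ||
            has_token(s.mac, weak[i]))
            return 1;
    return 0;
}
```

Treating a malformed name (-1) the same as a weak one keeps the check fail-closed when it is used to audit a list of configured suites.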
The priority functions, discussed above, allow the application layer to enable and set priorities on the individual ciphers. This may seem to imply that all combinations of ciphersuites are allowed, but this is not true. For several reasons, not discussed here, some combinations were not defined in the TLS protocol. The supported ciphersuites are shown in ciphersuites.