You've successfully subscribed to Nicholas Workshop
Great! Next, complete checkout for full access to Nicholas Workshop
Welcome back! You've successfully signed in.
Success! Your account is fully activated, you now have access to all content.
Success! Your billing info is updated.
Billing info update failed.

SSL/TLS Cipher Suite

Nicholas Wong
Nicholas Wong

A cipher suite specifies one algorithm for each of the following tasks:

  • Key exchange
  • Bulk encryption
  • Message authentication

So you may see something like: PSK-AES-SHA256

Key exchange algorithms

Key exchange algorithms protect information required to create shared keys. These algorithms are asymmetric (public key algorithms) and perform well for relatively small amounts of data.


We have targeted the 128-bit symmetric-equivalent security level, taking the following key lengths for each algorithm [1]:

  • RSA (3072 bit),
  • Diffie-Hellman (3072 bit),
  • Elliptic curve Diffie-Hellman (NIST P-256, which has a 256 bit key length),
  • Curve25519 (key length is fixed at 256 bit),

Bulk encryption algorithms

Bulk encryption algorithms encrypt messages exchanged between clients and servers. These algorithms are symmetric and perform well for large amounts of data.

Message authentication algorithms

Message authentication algorithms generate message hashes and signatures that ensure the integrity of a message.


Network Security

Nicholas Wong

Fullstack software engineer with strong background in computer science and extensive experience in software engineering and architecture. Studied in NYU, worked in Yahoo, Rakuten and Manulife.