SSL/TLS Cipher Suite
A cipher suite specifies one algorithm for each of the following tasks:
- Key exchange
- Bulk encryption
- Message authentication
So you may see something like: PSK-AES-SHA256
Key exchange algorithms
Key exchange algorithms protect information required to create shared keys. These algorithms are asymmetric (public key algorithms) and perform well for relatively small amounts of data.
We have targeted the 128-bit symmetric-equivalent security level, taking the following key lengths for each algorithm :
- RSA (3072 bit),
- Diffie-Hellman (3072 bit),
- Elliptic curve Diffie-Hellman (NIST P-256, which has a 256 bit key length),
- Curve25519 (key length is fixed at 256 bit),
Bulk encryption algorithms
Bulk encryption algorithms encrypt messages exchanged between clients and servers. These algorithms are symmetric and perform well for large amounts of data.
Message authentication algorithms
Message authentication algorithms generate message hashes and signatures that ensure the integrity of a message.