A cipher suite specifies one algorithm for each of the following tasks:

- Key exchange
- Bulk encryption
- Message authentication

So you may see something like: PSK-AES-SHA256

# Key exchange algorithms

*Key exchange algorithms* protect information required to create shared keys. These algorithms are asymmetric (*public key algorithms*) and perform well for relatively small amounts of data.

## Examples

We have targeted the 128-bit symmetric-equivalent security level, taking the following key lengths for each algorithm [1]:

**RSA**(3072 bit),**Diffie**-Hellman (3072 bit),- Elliptic curve
**Diffie**-Hellman (NIST P-256, which has a 256 bit key length), - Curve25519 (key length is
**fixed**at 256 bit),

# Bulk encryption algorithms

Bulk encryption algorithms encrypt messages exchanged between clients and servers. These algorithms are *symmetric* and perform well for large amounts of data.

# Message authentication algorithms

Message authentication algorithms generate message *hashes* and signatures that ensure the *integrity* of a message.

Reference:

https://docs.microsoft.com/en-us/windows/desktop/secauthn/cipher-suites-in-schannhttps://en.wikipedia.org/wiki/Cipher_suite

https://en.wikipedia.org/wiki/Cipher_suite

https://www.ncbi.nlm.nih.gov/pmc/articles/PMC5551094/