TLS Cipher Suites

Enter a hostname ... see what TLS cipher suites it supports.

host

For ex. yahoo.com

Submit

What are TLS cipher suites?

The server and client negotiate a cipher suite by which they will both partcipate in key exchange, authentication, bulk encryption and verify message integrity.

Let's take a look at a concrete example such as TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384.

1. TLS - just saying it's a TLS suite.
2. ECDHE - Key Exchange will use Elliptic Curve Diffie-Hellman. To bootstrap communications, a client and server need to establish an initial key exchange in a secure manner.
3. RSA - Authentication, verifying the identity of the server (or the client), will be done using RSA. Are we talking to who we think we're talking to?
4. WITH_AES_256_GCM - Bulk Encryption will be done using AES with 256bit keys in Galois/Counter Mode (GCM).
5. SHA384 - Message Authentication Code (MAC) will be done using SHA 384. This enables verifying the message integrity, namely that the message has not been altered during transmission.