What Is An SSL/TLS Cipher Suite?
Did you know that a majority of websites use HTTPS as their default protocol?
Whenever a browser talks to an HTTPS-enabled website, it does so over an encrypted channel. From the historical Caesar cipher to the algorithms in use today, the objective has always been to encode messages so that only the intended recipient can read them. A cipher suite is a named set of algorithms that together provide the cryptographic functions of a TLS connection: key exchange, authentication, bulk encryption and message integrity. Client and server each hold an ordered list of the suites they support; during the handshake the client advertises its list and the server picks one that both sides support, normally the first match in its own preference order (or in the client's, if the server is configured to honour client preference). Which suite wins is therefore a matter of configuration, not an automatic choice of the "most secure" option, which is why the ordering and the contents of those lists deserve attention. So, what makes up a cipher suite? Let's find out!
Basic Components of a Cipher Suite
A cipher suite is a collection of algorithms that work together at different stages of establishing an HTTPS connection, one after the other. For example, TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 is one of the cipher suites defined for TLS 1.2. Read left to right, its name says: ephemeral Diffie-Hellman (DHE) for key exchange, RSA for the digital signature that authenticates the server, AES with a 256-bit key in CBC mode for bulk encryption, and HMAC with SHA-256 for message authentication. TLS 1.3 suite names are shorter (for example TLS_AES_256_GCM_SHA384) because in that version the key exchange and signature algorithms are negotiated separately from the suite.
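The naming layout above is regular enough to parse mechanically. The following is an added example, not code from the original article: a Python parser that splits IANA-style suite names into their key exchange, authentication, cipher, mode and hash fields and flags the properties a reviewer looks for (forward secrecy, AEAD, deprecated algorithms). The "weak" sets, the CCM naming rule and the function names are this example's own choices, not a list taken from the article or from any standard.

```python
# Added example, not code from the original article: a parser for IANA-style
# TLS cipher suite names that breaks them into the components described above.
# It assumes the layout
#   TLS_<key exchange>_<authentication>_WITH_<bulk cipher>_<MAC or PRF hash>
# for TLS 1.2 and earlier, and the short TLS 1.3 form TLS_<AEAD cipher>_<hash>.
# The "weak" sets below are this example's own judgement, not a list taken
# from the article or from any standard.

NO_FORWARD_SECRECY = {"RSA", "DH", "ECDH", "PSK", "NULL"}   # static key / no DH at all
WEAK_CIPHERS = {"NULL", "RC4_40", "RC4_128", "DES40_CBC", "DES_CBC",
                "3DES_EDE_CBC", "RC2_CBC_40", "IDEA_CBC"}
WEAK_MACS = {"MD5", "SHA"}                   # "SHA" in a suite name means SHA-1
AEAD_MODES = {"GCM", "CCM", "CCM_8", "POLY1305"}


def _split_cipher(token: str):
    """Turn e.g. 'AES_256_CBC' into (key bits, mode); assumed naming rules."""
    parts = token.split("_")
    if token.startswith("CHACHA20"):
        return 256, "POLY1305"
    if token.startswith("3DES"):
        return 168, "CBC"                    # 168-bit key, ~112-bit effective strength
    if token == "NULL":
        return 0, "NONE"
    digits = [p for p in parts if p.isdigit()]
    key_bits = int(digits[0]) if digits else None
    if token.endswith("_CCM_8"):
        mode = "CCM_8"
    elif parts[-1] in ("CBC", "GCM", "CCM"):
        mode = parts[-1]
    else:
        mode = "STREAM"                      # RC4 and friends have no block mode
    return key_bits, mode


def parse_suite(name: str) -> dict:
    """Break a cipher suite name into its components plus a list of concerns."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not a TLS suite name: {name}")
    body = name[len("TLS_"):]

    if "_WITH_" in body:
        left, right = body.split("_WITH_", 1)
        kex_parts = left.split("_")
        if len(kex_parts) == 1:              # TLS_RSA_WITH_..., TLS_PSK_WITH_...
            kex = auth = kex_parts[0]
        elif kex_parts[1] == "anon":         # TLS_DH_anon_WITH_...
            kex, auth = kex_parts[0], "anon"
        else:                                # TLS_ECDHE_ECDSA_WITH_...
            kex, auth = kex_parts[0], kex_parts[1]
        version = "TLS 1.2 or earlier"
    else:                                    # TLS_AES_256_GCM_SHA384 (TLS 1.3)
        right, kex, auth = body, "negotiated separately", "negotiated separately"
        version = "TLS 1.3"

    if right.endswith(("_CCM", "_CCM_8")):   # CCM suites omit the hash; their PRF is SHA-256
        cipher, mac = right, "SHA256"
    else:
        cipher, _, mac = right.rpartition("_")   # last token is the hash
    key_bits, mode = _split_cipher(cipher)
    aead = mode in AEAD_MODES

    problems = []
    if auth == "anon":
        problems.append("no server authentication")
    if version != "TLS 1.3" and kex in NO_FORWARD_SECRECY:
        problems.append("no forward secrecy")
    if cipher in WEAK_CIPHERS:
        problems.append(f"weak or broken cipher {cipher}")
    if not aead and mac in WEAK_MACS:
        problems.append(f"weak MAC hash {mac}")
    if mode == "CBC":
        problems.append("CBC mode (MAC-then-encrypt, padding-oracle history)")

    return {
        "name": name, "version": version, "kex": kex, "auth": auth,
        "cipher": cipher, "key_bits": key_bits, "mode": mode, "aead": aead,
        "mac": None if aead else mac,        # AEAD suites: the hash only feeds the PRF
        "hash": mac,
        "forward_secrecy": version == "TLS 1.3" or kex in ("DHE", "ECDHE"),
        "problems": problems,
    }


if __name__ == "__main__":
    for n in ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
              "TLS_RSA_WITH_RC4_128_MD5",
              "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
              "TLS_AES_128_GCM_SHA256"):
        s = parse_suite(n)
        print(f"{n}: kex={s['kex']} auth={s['auth']} cipher={s['cipher']} "
              f"({s['key_bits']}-bit {s['mode']}) hash={s['hash']} "
              f"problems={s['problems'] or 'none'}")
```

Run it over the suite list from a scanner or from `openssl ciphers` (converted to IANA names) and the `problems` field gives a first-pass triage; the parser is deliberately strict about the `TLS_` prefix so that OpenSSL-style names such as ECDHE-RSA-AES256-GCM-SHA384 are rejected rather than misread.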
The four elements that come into play are as follows:
Key Exchange Algorithm
Key exchange is the step in which the two parties agree on the symmetric session key that will protect the bulk of the traffic. Asymmetric cryptography (a public/private key pair) is used only during the SSL/TLS handshake; once the session key exists, everything else is symmetric encryption, where the same key both encrypts and decrypts. The difficulty is getting that shared key to both ends over a link an attacker can read, and the key exchange algorithm exists to solve it. TLS 1.2 offers two families. With RSA key transport, the client generates the premaster secret and encrypts it to the public key in the server's certificate, so only the holder of the matching private key can recover it. With Diffie-Hellman (DH, DHE, ECDH, ECDHE), each side contributes a public value and both independently compute the same shared secret, which never crosses the wire. The "E" variants use ephemeral, per-connection key pairs and therefore provide forward secrecy: a later compromise of the server's long-term private key does not expose recorded sessions. RSA key transport has no such property, which is why TLS 1.3 dropped it and allows only (EC)DHE.
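To make the Diffie-Hellman side concrete, here is an added example (not from the original article) of an ephemeral elliptic-curve exchange with X25519, the curve TLS 1.3 uses by default, written from scratch on Python integers after RFC 7748 so that it runs offline. Function names such as `x25519`, `keypair` and `handshake` are this example's own, the key pairs are generated fresh on every run, and the code is not constant-time (the conditional swap branches on secret bits), so it is for understanding the exchange rather than for production use.

```python
import os

# Added example, not code from the original article: an ephemeral X25519
# exchange (RFC 7748) implemented on Python integers. NOT constant-time;
# use a vetted library for anything real. Names are this example's own.

P = 2**255 - 19                     # the field prime
A24 = 121665                        # (486662 - 2) / 4, Montgomery curve constant
BASE_U = (9).to_bytes(32, "little") # generator's u-coordinate


def _clamp(k: bytes) -> int:
    """RFC 7748 scalar decoding: clear the low 3 bits and bit 255, set bit 254."""
    k = bytearray(k)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar: bytes, u: bytes) -> bytes:
    """Montgomery ladder: u-coordinate of scalar * point(u), as 32 bytes."""
    k = _clamp(scalar)
    u_bytes = bytearray(u)
    u_bytes[31] &= 127              # the top bit of the input is ignored, per RFC 7748
    x1 = int.from_bytes(u_bytes, "little") % P
    x2, z2, x3, z3 = 1, 0, x1, 1
    swap = 0
    for t in range(254, -1, -1):
        k_t = (k >> t) & 1
        swap ^= k_t
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = k_t
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) * (da + cb) % P
        z3 = x1 * ((da - cb) * (da - cb)) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


def keypair():
    """Fresh ephemeral key pair: 32 random bytes and the matching public value."""
    priv = os.urandom(32)
    return priv, x25519(priv, BASE_U)


def shared_secret(own_priv: bytes, peer_pub: bytes) -> bytes:
    """Combine our private scalar with the peer's public value."""
    s = x25519(own_priv, peer_pub)
    if s == bytes(32):              # all-zero result: the peer sent a low-order point
        raise ValueError("invalid peer public key (low-order point)")
    return s


def handshake():
    """Both sides of an ECDHE exchange; only client_pub and server_pub cross the wire."""
    client_priv, client_pub = keypair()
    server_priv, server_pub = keypair()
    client_secret = shared_secret(client_priv, server_pub)   # client: own priv, server pub
    server_secret = shared_secret(server_priv, client_pub)   # server: own priv, client pub
    return client_secret, server_secret


if __name__ == "__main__":
    c, s = handshake()
    print("client and server agree:", c == s, c.hex())
```

The shared value coming out of `handshake` is the raw (EC)DHE secret that the TLS key schedule then feeds into its key derivation; the all-zero check on the result is the RFC 7748 recommendation for rejecting a peer who sends a point of small order.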
A Digital Signature Scheme
A digital signature is what authenticates the server (and, optionally, the client) during the handshake: in the (EC)DHE suites the server signs its ephemeral key exchange parameters with the private key belonging to its certificate, and the client checks that signature with the certificate's public key, so an attacker without the private key cannot substitute parameters of their own. Two signature families are named in TLS 1.2 suites:
- RSA – The RSA (Rivest–Shamir–Adleman) algorithm verifies, with the certificate's public key, a signature produced with the matching private key. It operates on modular arithmetic and its security rests on the difficulty of factoring large integers. Verification is cheap because the public exponent is small, which suits TLS, where one server signature is checked by many clients; signing is the slower operation.
- DSA – DSA (Digital Signature Algorithm) also operates on modular arithmetic but rests on the discrete logarithm problem. Unlike RSA it is a signature-only scheme: it cannot encrypt or decrypt data. It was standardized in the 1990s, well after RSA; its signing is faster than RSA's while its verification is slower. In TLS 1.2 suite names it appears as DSS (for example TLS_DHE_DSS_WITH_AES_128_CBC_SHA256), and in practice its elliptic-curve form, ECDSA, is far more common in certificates. Finite-field DSA was dropped from TLS 1.3, whose signature schemes are RSA-PSS, ECDSA and EdDSA.
Bulk Encryption Algorithm
Bulk encryption is the symmetric encryption applied to the actual application data once the handshake has produced the session key. Two kinds of cipher appear in suite names. A block cipher such as AES encrypts fixed-size blocks (16 bytes for AES) and needs a mode of operation to handle longer messages; a stream cipher such as RC4 generates a pseudorandom keystream that is XORed with the plaintext. The suite name spells out both the key size and the mode, and the mode matters as much as the key length: CBC suites pair the cipher with a separate HMAC (MAC-then-encrypt) and have a long history of padding-oracle attacks, POODLE against SSL 3.0 being the best-known, whereas AEAD modes such as AES-GCM and ChaCha20-Poly1305 fold integrity into the cipher itself. RC4 is broken and prohibited for TLS, and TLS 1.3 permits AEAD suites only.
Message Authentication Code (MAC)
Hash-based Message Authentication Code (HMAC) protects the integrity and origin of each record: the sender computes an HMAC over the record with a key known only to the two endpoints, the receiver recomputes it and compares, and a tampered or forged record is rejected. HMAC is built on a cryptographic hash function such as MD5 or SHA; MD5 is no longer used because of its known weaknesses, and SHA-2 (SHA-256, SHA-384) is the standard for SSL/TLS and the only family carried into TLS 1.3. The hash named in a suite does double duty. In a CBC suite it is the HMAC hash for records, and in every TLS 1.2 suite it also drives the pseudorandom function (PRF) that expands the premaster secret from the key exchange into the session keys. In AEAD suites such as AES-GCM there is no separate HMAC over records, so the named hash serves only the PRF. TLS 1.3 replaces the PRF with HKDF, an HMAC-based key derivation function, for the same job.
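Two of the HMAC roles described above, as an added example that is not part of the original article: the per-record HMAC of a TLS 1.2 CBC suite, computed over the sequence number and record header as well as the payload so that replayed or reordered records fail verification, and HKDF (RFC 5869) together with the HKDF-Expand-Label wrapper that the TLS 1.3 key schedule builds on it (RFC 8446). The keys, payload and labels below are constructed for the demonstration, and the function names are this example's own.

```python
import hashlib
import hmac
import struct

# Added example, not code from the original article. Keys and payloads are
# constructed for the demonstration; function names are this example's own.


def tls12_record_mac(mac_key: bytes, seq_num: int, content_type: int,
                     version: bytes, fragment: bytes, digest=hashlib.sha256) -> bytes:
    """TLS 1.2 CBC-suite MAC: HMAC(key, seq_num || type || version || length || fragment)."""
    header = struct.pack("!QB2sH", seq_num, content_type, version, len(fragment))
    return hmac.new(mac_key, header + fragment, digest).digest()


def verify_record(mac_key: bytes, seq_num: int, content_type: int,
                  version: bytes, fragment: bytes, tag: bytes) -> bool:
    """Recompute the MAC and compare in constant time."""
    expected = tls12_record_mac(mac_key, seq_num, content_type, version, fragment)
    return hmac.compare_digest(expected, tag)


def hkdf_extract(salt: bytes, ikm: bytes, digest=hashlib.sha256) -> bytes:
    """RFC 5869 extract: PRK = HMAC(salt, IKM); an empty salt means a zero-filled one."""
    return hmac.new(salt or bytes(digest().digest_size), ikm, digest).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, digest=hashlib.sha256) -> bytes:
    """RFC 5869 expand: T(i) = HMAC(PRK, T(i-1) || info || i), concatenated."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), digest).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    """RFC 8446 7.1: HkdfLabel = uint16 length || opaque "tls13 " + label || opaque context."""
    full_label = b"tls13 " + label.encode("ascii")
    hkdf_label = (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def derive_traffic_keys(traffic_secret: bytes):
    """TLS 1.3 style AES-128-GCM key (16 bytes) and IV (12 bytes) from a traffic secret."""
    return (hkdf_expand_label(traffic_secret, "key", b"", 16),
            hkdf_expand_label(traffic_secret, "iv", b"", 12))


if __name__ == "__main__":
    key = bytes(range(32))                                   # constructed MAC key
    record = b"GET / HTTP/1.1\r\n"
    tag = tls12_record_mac(key, 1, 23, b"\x03\x03", record)  # type 23 = application_data
    print("genuine record verifies:", verify_record(key, 1, 23, b"\x03\x03", record, tag))
    print("same record replayed at seq 2:", verify_record(key, 2, 23, b"\x03\x03", record, tag))
    print("one byte changed:", verify_record(key, 1, 23, b"\x03\x03", b"GET /x HTTP/1.1\r\n", tag))
    secret = hkdf_extract(b"", hkdf_extract(b"", bytes(32)))  # constructed stand-in secret
    k, iv = derive_traffic_keys(secret)
    print("derived key/iv:", k.hex(), iv.hex())
```

Feeding the shared secret from a Diffie-Hellman exchange into `hkdf_extract` and then into labelled expansions is exactly how TLS 1.3 turns one raw secret into separate, direction-specific keys and IVs; the labels keep the outputs independent even though they come from the same secret.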
What Are Some of the Security Vulnerabilities Related to Cipher Suites?
Some significant vulnerabilities have affected SSL/TLS, especially the older versions; SSL 3.0 and TLS 1.0/1.1 are now deprecated, and TLS 1.2 stays safe only with a careful choice of suites. Two of the best-known flaws illustrate two different classes of problem. POODLE is a padding-oracle attack on the CBC suites of SSL 3.0; a client that still supported SSL 3.0 could be pushed into using it through a downgrade, in which the attacker interferes with the handshake until the peers retry with an older version. Heartbleed, by contrast, was not a protocol or cipher suite weakness at all but a memory-disclosure bug in OpenSSL's implementation of the Heartbeat extension, which leaked server memory, private keys included, regardless of the suite negotiated. Mitigation therefore needs both halves: keep the TLS library patched, and disable vulnerable protocol versions and suites (for POODLE, turn off SSL 3.0 outright). TLS 1.3 also adds a specific defence against version downgrades: a server that supports 1.3 but is asked to negotiate an older version embeds a fixed marker in the last bytes of its ServerHello random, so a 1.3-capable client can detect the downgrade and abort.
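One way to apply those mitigations on the client side with Python's standard `ssl` module, as an added example that is not part of the original article: a context that refuses anything below TLS 1.2 (so SSL 3.0, and with it POODLE, is out of reach) and restricts TLS 1.2 to forward-secret AEAD suites, plus a check that reads the resulting cipher list back. The cipher string is OpenSSL syntax; the function names and the definition of "weak" in `weak_suites_enabled` are this example's own.

```python
import ssl

# Added example, not code from the original article. The cipher string is
# OpenSSL syntax; the function names and the notion of "weak" used below are
# this example's own choices.

# TLS 1.2 suites: ECDHE only (forward secrecy), AEAD only (no CBC), with explicit
# exclusions for anonymous, NULL, MD5, RC4 and 3DES. TLS 1.3 suites are not
# governed by this string; OpenSSL enables only AEAD suites for TLS 1.3.
HARDENED_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!RC4:!3DES"


def hardened_client_context() -> ssl.SSLContext:
    ctx = ssl.create_default_context()              # certificate and hostname checks on
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2    # SSL 3.0 (POODLE), TLS 1.0 and 1.1 refused
    ctx.set_ciphers(HARDENED_CIPHERS)
    return ctx


def weak_suites_enabled(ctx: ssl.SSLContext) -> list:
    """Names of enabled suites that are not AEAD or do not give forward secrecy."""
    weak = []
    for c in ctx.get_ciphers():                     # OpenSSL names, e.g. ECDHE-RSA-AES256-GCM-SHA384
        name = c["name"]
        aead = any(tag in name for tag in ("GCM", "CHACHA20", "CCM"))
        forward_secret = name.startswith(("ECDHE", "DHE", "TLS_"))   # TLS_ prefix: TLS 1.3 suite
        if not (aead and forward_secret):
            weak.append(name)
    return weak


def negotiable_versions(ctx: ssl.SSLContext) -> list:
    """Protocol versions for which at least one suite is still enabled."""
    return sorted({c["protocol"] for c in ctx.get_ciphers()})


def min_version_name(ctx: ssl.SSLContext) -> str:
    return ctx.minimum_version.name


if __name__ == "__main__":
    loose = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)    # library defaults, for comparison
    hard = hardened_client_context()
    print("default context still offers:", weak_suites_enabled(loose) or "nothing weak")
    print("hardened context versions:", negotiable_versions(hard))
    print("hardened context weak suites:", weak_suites_enabled(hard) or "none")
```

The same two knobs (minimum version and cipher string) exist on the server side; running `weak_suites_enabled` against a context built from your server configuration is a cheap regression check that nobody has quietly re-enabled a CBC or RSA-key-transport suite.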