Cryptographic security protocols must agree the algorithms
used by a secure connection. CipherSpecs and CipherSuites define specific
combinations of algorithms.
A CipherSpec identifies a combination of encryption algorithm and
MAC algorithm. Both ends of an SSL or TLS connection must agree the
same CipherSpec to be able to communicate.
For more information about CipherSpecs, see the related information.
A CipherSuite is a suite of cryptographic algorithms used by an
SSL or TLS connection. A suite comprises three distinct algorithms:
- The key exchange and authentication algorithm, used during the
handshake
- The encryption algorithm, used to encipher the data
- The MAC (Message Authentication Code) algorithm, used to generate
the message digest
There are several options for each component of the suite, but
only certain combinations are valid when specified for an SSL or TLS
connection. The name of a valid CipherSuite defines the combination
of algorithms used. For example, the CipherSuite SSL_RSA_WITH_RC4_128_MD5
specifies:
- The RSA key exchange and authentication algorithm
- The RC4 encryption algorithm, using a 128-bit key
- The MD5 MAC algorithm
Several algorithms are available for key exchange and authentication,
but the RSA algorithm is currently the most widely used. There is
more variety in the encryption algorithms and MAC algorithms that
are used.