Free collection of cipher tools: Caesar cipher, Vigenère cipher, substitution cipher, XOR encryption, and ROT13. Encrypt, decrypt, and learn cryptanalysis techniques.
A cipher suite is a named combination of cryptographic algorithms that together secure a network connection. When a client and server establish a TLS (Transport Layer Security) connection, they negotiate which cipher suite to use. This negotiation determines the algorithms for key exchange, authentication, bulk encryption, and message integrity — the four pillars of a secure connection.
Cipher suites are central to HTTPS, email security (SMTPS, IMAPS), VPN connections, and any protocol built on TLS. Choosing the right cipher suites directly impacts your security posture, compliance status, and compatibility with clients and browsers.
During the TLS handshake, the client sends a list of supported cipher suites in order of preference. The server selects the highest-priority suite it also supports. If no common suite exists, the connection fails.
A TLS 1.2 cipher suite name encodes four algorithm choices:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
| Component | Algorithm | Purpose |
|---|---|---|
| Key Exchange | ECDHE | Establish a shared secret using Elliptic Curve Diffie-Hellman Ephemeral |
| Authentication | RSA | Verify the server's identity using its certificate |
| Encryption | AES_256_GCM | Encrypt application data with AES-256 in Galois/Counter Mode |
| MAC/Hash | SHA384 | Ensure message integrity (built into GCM for AEAD suites) |
TLS 1.3 simplified this by fixing the key exchange to ephemeral Diffie-Hellman variants and using only AEAD ciphers, reducing the cipher suite name to just the AEAD algorithm and hash:
TLS_AES_256_GCM_SHA384