Cipher Suite

The named combination of cryptographic algorithms a TLS connection uses for key exchange, authentication, encryption, and MAC.

A cipher suite is the bundle of algorithms negotiated during a TLS handshake. In TLS 1.2, a suite name like `ECDHE-RSA-AES128-GCM-SHA256` encodes key exchange (ECDHE), authentication (RSA), bulk encryption (AES-128-GCM), and MAC/PRF (SHA-256). TLS 1.3 drastically simplified this: only AEAD ciphers and forward-secret key exchanges remain, and suite names like `TLS_AES_128_GCM_SHA256` no longer name the key exchange or auth (those are negotiated separately). Choosing modern suites (forward-secret, AEAD) is the single biggest knob for TLS security after picking a current protocol version.

Reference

Mozilla: Server Side TLS
RFC 8446 §B.4

Related terms

TLS 1.3
TLS 1.2
TLS Handshake
Forward Secrecy
SSL/TLS

Referenced on

Email Header Analyzer
HTTP Header Checker
SMTP Diagnostics
SSL/TLS Error Codes Reference and Fixes

Back to the full glossary