How do you read a cipher suite name like TLS_AES_128_GCM_SHA256?

4 minintermediatecipher-suitetls-1.3tls-1.2

Quick Answer

In TLS 1.3, a cipher suite name has three parts: the bulk encryption algorithm (AES_128), the mode it runs in (GCM), and the hash function used for the handshake's integrity checks (SHA256). TLS 1.2 names are longer and also specify the key exchange and authentication algorithms, for example TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

Detailed Answer

TLS 1.3 cipher suite:

TLS_AES_128_GCM_SHA256
 |    |    |    |
 |    |    |    +-- SHA256: hash function used for the handshake's
 |    |    |         integrity checks (the "Finished" messages, etc.)
 |    |    +-------- GCM: the mode AES runs in, which also gives
 |    |                an integrity check on the encrypted data
 |    +------------- AES_128: the symmetric encryption algorithm
 |                     and key size
 +------------------ "TLS" prefix, just labels this as a TLS cipher suite

TLS 1.3 dropped key exchange and signature algorithm from the name entirely, because it only supports (EC)DHE key exchange now — there's nothing left to choose between, so it isn't part of the name.

TLS 1.2 cipher suite (longer, because more is configurable):

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
 |    |      |      |    |    |
 |    |      |      |    |    +-- SHA256: hash used in the handshake
 |    |      |      |    +------- GCM: encryption mode
 |    |      |      +------------ AES_128: symmetric cipher
 |    |      +------------------- RSA: authentication/signature algorithm
 |    +-------------------------- ECDHE: key exchange algorithm
 +------------------------------- "TLS" prefix

The general pattern for TLS 1.2 names is: TLS_[key exchange]_[authentication]_WITH_[cipher]_[hash]. Being able to read these is useful when debugging connection failures, or when auditing which cipher suites a server allows.

Related Resources