A Cipher suite is a selection of one specific protocol for four security services: Key Exchange, Authentication, Symmetric Encryption, and Hashing. In TLS 1.2 and prior, a single Cipher Suite selected a protocol for all four of these... in TLS 1.3, a Cipher Suite changes to only specify a protocol for two of these: Symmetric Encryption and Hashing.
Here is what a Cipher Suite looks like in TLS 1.3:
TLS_AES_128_GCM_SHA256
Here is what they looked like in TLS 1.2 and prior:
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
Beyond that there are many other changes to how Cipher Suites work in TLS 1.3. This video unpacks 6 significant changes to TLS 1.3, all of which relate to Cipher Suites.
? This is a sample lesson from my SSL & TLS deep dive course: Practical TLS.
https://pracnet.net/tls
? More free lessons from the course:
https://www.youtube.com/playlist?list=PLIFyRwBY_4bTwRX__Zn4-letrtpSj1mzY
? Do you configure or troubleshoot TLS/SSL for work? If so, I'm willing to bet your employer would happily pay for this SSL training. Reach out if you'd like to coordinate an introduction for a bulk license purchase with your company. If your referral leads to live training engagement, I'll buy you an iPad (or tablet of similar value of your choice)
? Join Practical Networking Discord
https://pracnet.net/discord
00:00 - What is a Cipher Suite?
00:56 - Old protocols are no longer supported
02:32 - Cipher Suites are Simpler in TLS 1.3
04:30 - Orthogonal Cipher Suite choices
05:28 - Fewer Cipher Suites in TLS 1.3
07:20 - All TLS 1.3 Ciphers are AEAD - Authenticated Encryption with Associated Data
10:18 - TLS 1.3 mandates Forward Secrecy
12:29 - No more custom DH Groups
15:24 - Key Points - Changes in TLS 1.3 related to Cipher Suites
16:07 - Want more? Check out Practical TLS
#ssl #tls #cybersecurity