Ciphers and Cipher Suites
A cipher is an algorithm that takes a plain text message (in the case of HTTPS, your unencrypted HTTP data) and scrambles it to prevent a third party from being able to read it. Ciphers use keys/shared secrets to encrypt and decrypt data, so it is important that only trusted parties know these secrets. The method used to decide on this shared secret is called key exchange and is discussed further below.
There are a number of ciphers available to use in the various versions of SSL/TLS. To increase the number of clients that are able to connect, it is common to support a number of different ciphers. However, selecting the right ciphers is very important: weaknesses have been found in some ciphers that were once considered secure, and some ciphers have become more vulnerable as computing power has increased. Different versions of SSL/TLS support different ciphers, and some clients may only support a subset of the ciphers supported by a specific version of SSL/TLS.
Choice of ciphers is beyond the scope of this post; however, one important factor to consider is whether they support perfect forward secrecy. TLS 1.3, the upcoming new version of TLS, will only support algorithms that have perfect forward secrecy.
Cipher suites are a combination of ciphers, key exchange methods and MACs that are typically displayed together in the following format: “DHE-RSA-AES256-GCM-SHA384”.
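To make the naming format concrete, the following added example (not code from the original post) splits names of this form into their parts and flags suites without perfect forward secrecy. It assumes OpenSSL-style names for TLS 1.2 and earlier; the token sets, function names and sample list are constructed for illustration and go slightly beyond the single name shown above.

```python
from typing import NamedTuple

# Tokens as they appear in OpenSSL-style names for TLS 1.2 and earlier.
KEY_EXCHANGE = {"DHE", "EDH", "ECDHE", "DH", "ECDH", "RSA", "PSK"}
AUTHENTICATION = {"RSA", "ECDSA", "DSS", "PSK"}
EPHEMERAL = {"DHE", "EDH", "ECDHE"}  # new key pair per handshake
AEAD = {"GCM", "CCM", "CCM8", "POLY1305"}

class Suite(NamedTuple):
    name: str
    key_exchange: str
    authentication: str
    cipher: str
    integrity: str
    forward_secret: bool

def parse_suite(name: str) -> Suite:
    if name.startswith("TLS_"):
        # TLS 1.3 names list only cipher and hash; this format does not apply.
        raise ValueError(f"not an OpenSSL-style pre-TLS 1.3 name: {name}")
    parts = name.split("-")
    if parts[0] in KEY_EXCHANGE:
        kx = parts.pop(0)
        auth = parts.pop(0) if parts and parts[0] in AUTHENTICATION else kx
    else:
        kx = auth = "RSA"  # e.g. AES256-SHA: RSA key exchange is implied
    if len(parts) < 2:
        raise ValueError(f"cannot parse cipher suite name: {name}")
    if parts[-1] in AEAD:
        cipher, integrity = "-".join(parts), "AEAD"  # no trailing hash in name
    elif AEAD & set(parts):
        # AEAD cipher: the last token is the handshake PRF hash, not a MAC
        cipher, integrity = "-".join(parts[:-1]), f"AEAD, PRF {parts[-1]}"
    else:
        cipher, integrity = "-".join(parts[:-1]), f"HMAC-{parts[-1]}"
    return Suite(name, kx, auth, cipher, integrity, kx in EPHEMERAL)

def without_forward_secrecy(names):
    """Return the suites whose key exchange is not ephemeral."""
    return [n for n in names if not parse_suite(n).forward_secret]

# Constructed sample of a server's configured suites (not from the page).
SAMPLE = ["DHE-RSA-AES256-GCM-SHA384", "ECDHE-RSA-CHACHA20-POLY1305",
          "AES256-SHA", "DES-CBC3-SHA"]

if __name__ == "__main__":
    for n in SAMPLE:
        print(parse_suite(n))
    print("no forward secrecy:", without_forward_secrecy(SAMPLE))
```

Suites reported by `without_forward_secrecy` are the ones to review first when tightening a server's cipher list.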