Skip to main content

Appendix C. Cipher Suite Definitions

This appendix defines cipher suites that are new or updated in TLS 1.2.

C.1. AES Cipher Suites

The following cipher suites use the AES algorithm:

CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA      = { 0x00,0x2F };
CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA   = { 0x00,0x30 };
CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA   = { 0x00,0x31 };
CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA  = { 0x00,0x32 };
CipherSuite TLS_DHE_RSA_WITH_AES_128_CBC_SHA  = { 0x00,0x33 };
CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA  = { 0x00,0x34 };

CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA      = { 0x00,0x35 };
CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA   = { 0x00,0x36 };
CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA   = { 0x00,0x37 };
CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA  = { 0x00,0x38 };
CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA  = { 0x00,0x39 };
CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA  = { 0x00,0x3A };

C.2. AES Cipher Suites with SHA-256

TLS 1.2 introduces AES cipher suites using SHA-256:

CipherSuite TLS_RSA_WITH_AES_128_CBC_SHA256      = { 0x00,0x3C };
CipherSuite TLS_DH_DSS_WITH_AES_128_CBC_SHA256   = { 0x00,0x3E };
CipherSuite TLS_DH_RSA_WITH_AES_128_CBC_SHA256   = { 0x00,0x3F };
CipherSuite TLS_DHE_DSS_WITH_AES_128_CBC_SHA256  = { 0x00,0x40 };

CipherSuite TLS_RSA_WITH_AES_256_CBC_SHA256      = { 0x00,0x3D };
CipherSuite TLS_DH_DSS_WITH_AES_256_CBC_SHA256   = { 0x00,0x68 };
CipherSuite TLS_DH_RSA_WITH_AES_256_CBC_SHA256   = { 0x00,0x69 };
CipherSuite TLS_DHE_DSS_WITH_AES_256_CBC_SHA256  = { 0x00,0x6A };
CipherSuite TLS_DHE_RSA_WITH_AES_256_CBC_SHA256  = { 0x00,0x6B };
CipherSuite TLS_DH_anon_WITH_AES_128_CBC_SHA256  = { 0x00,0x6C };
CipherSuite TLS_DH_anon_WITH_AES_256_CBC_SHA256  = { 0x00,0x6D };

For example, the cipher specification parameters for TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 are:

  • Key Exchange: DHE_RSA
  • Bulk Cipher: AES_128_CBC
  • MAC Algorithm: HMAC-SHA256
  • Pseudorandom Function: PRF (SHA-256)

C.3. NULL Cipher Suites

The following cipher suites use NULL encryption (for testing purposes only; SHOULD NOT be used in production environments):

CipherSuite TLS_RSA_WITH_NULL_SHA256 = { 0x00,0x3B };

C.4. Cipher Suite Naming Conventions

TLS cipher suite names follow this format:

TLS_{KeyExchange}_{Authentication}_WITH_{Cipher}_{MAC}

For example:

  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    • Key Exchange: DHE (Ephemeral Diffie-Hellman)
    • Authentication: RSA
    • Cipher: AES_128_CBC
    • MAC Algorithm: SHA256

C.5. Implementation Recommendations

For TLS 1.2 implementations, it is recommended:

  1. MUST implement:

    • TLS_RSA_WITH_AES_128_CBC_SHA

  2. SHOULD implement:

    • TLS_RSA_WITH_AES_256_CBC_SHA
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256

  3. MAY implement:

    • Other cipher suites based on application requirements

  4. SHOULD NOT implement:

    • Anonymous (DH_anon) cipher suites (unless required for specific application scenarios)
    • NULL encryption cipher suites (except for testing purposes only)

C.6. Security Considerations

When selecting cipher suites, consider:

  • Forward Secrecy: Prefer DHE or ECDHE cipher suites
  • Key Length: AES-256 is preferred over AES-128
  • MAC Strength: SHA-256 or stronger is preferred over SHA-1
  • Avoid Weak Algorithms: Avoid algorithms with known weaknesses such as RC4, DES, MD5

Note: For complete cipher suite definitions and detailed specifications, please refer to the full text of RFC 5246 Appendix C.

Last updated on