TLS Cipher Suites
Reference of common TLS 1.2 / 1.3 cipher suites with strength notes.
Overview
The TLS cipher suites reference is a searchable list of common cipher suites for TLS 1.2 and TLS 1.3 — TLS_AES_256_GCM_SHA384, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_CHACHA20_POLY1305_SHA256 and the rest. Each row shows the IANA-registered name, the version it applies to, the key-exchange and authentication components, the bulk cipher, and a quick strength note.
TLS implementers picking which suites to enable, security auditors flagging deprecated cipher use, and developers writing custom TLS client code all need a cipher suite lookup.
How it works
A TLS 1.2 cipher suite names four components: key exchange (RSA, DHE, ECDHE), authentication (RSA, ECDSA, PSK), bulk cipher (AES-128-GCM, AES-256-GCM, ChaCha20-Poly1305, etc.), and the MAC or PRF hash (SHA256, SHA384). TLS 1.3 simplified the picture: the key exchange and authentication are negotiated separately, and the suite name only mentions the AEAD cipher and the hash. That is why TLS 1.3 has just five defined suites versus the hundreds in TLS 1.2.
Strength notes flag legacy weaknesses: RSA key exchange (no forward secrecy), CBC mode (vulnerable to padding-oracle attacks if implemented carelessly), 3DES (deprecated as of 2018), RC4 (broken since 2013), null encryption suites (test only). Anything in the green column is current best practice; anything in the red column should be off.
Examples
TLS_AES_128_GCM_SHA256 — TLS 1.3 default, fast and secure.
TLS_CHACHA20_POLY1305_SHA256 — TLS 1.3, preferred on devices without AES-NI hardware acceleration.
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 — TLS 1.2 modern, forward secret, GCM AEAD.
TLS_RSA_WITH_3DES_EDE_CBC_SHA — TLS 1.2 legacy, no forward secrecy, deprecated cipher; disable.
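The naming scheme from "How it works", applied to the four suites above, as an added example that is not the reference tool's own code. The function names `parse_suite` and `strength_notes` are hypothetical, and the parser assumes the common `TLS_<kx>_<auth>_WITH_<cipher>_<hash>` and `TLS_<aead>_<hash>` forms; legacy export, SRP and Kerberos names are not handled.

```python
import re

# Strength notes as the page states them; the token-to-note mapping is constructed here.
CIPHER_NOTES = [
    ("3DES", "3DES: deprecated"),
    ("RC4", "RC4: broken"),
    ("NULL", "null encryption: test only"),
    ("CBC", "CBC mode: padding-oracle risk if implemented carelessly"),
]
HASH_TOKEN = re.compile(r"^(SHA\d*|MD5)$")


def parse_suite(name):
    """Split an IANA suite name into version, key exchange, auth, cipher, hash."""
    if not name.startswith("TLS_"):
        raise ValueError(f"not an IANA TLS suite name: {name!r}")
    body = name[len("TLS_"):]
    if "_WITH_" in body:
        # TLS 1.2 form: TLS_<kx>[_<auth>]_WITH_<cipher>[_<hash>]
        left, right = body.split("_WITH_", 1)
        kx, _, auth = left.partition("_")
        auth = auth or kx  # TLS_RSA_WITH_...: one algorithm fills both roles
        version = "1.2"
    else:
        # TLS 1.3 form: TLS_<aead>_<hash>; key exchange and auth are not in the name
        right, kx, auth, version = body, None, None, "1.3"
    tokens = right.split("_")
    # Some names (e.g. the TLS 1.2 CCM suites) carry no hash suffix.
    mac = tokens.pop() if len(tokens) > 1 and HASH_TOKEN.match(tokens[-1]) else None
    return {"version": version, "kx": kx, "auth": auth,
            "cipher": "_".join(tokens), "hash": mac}


def strength_notes(name):
    """Return the page's legacy-weakness notes that apply to this suite."""
    suite = parse_suite(name)
    notes = []
    if suite["kx"] == "RSA":
        notes.append("RSA key exchange: no forward secrecy")
    parts = suite["cipher"].split("_")
    notes += [note for token, note in CIPHER_NOTES if token in parts]
    return notes


if __name__ == "__main__":
    for s in ("TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256",
              "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"):
        print(s, parse_suite(s), strength_notes(s) or "no legacy flags")
```

An empty list from `strength_notes` means only that none of the legacy weaknesses listed above matched the name; it does not check protocol version, key sizes or certificate strength.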
FAQ
Why does TLS 1.3 have so few suites?
TLS 1.3 separates the cipher from the rest of the handshake. With key exchange always being ECDHE and authentication negotiated through the signature algorithm extension, the suite reduces to the AEAD + hash combination.
Should I prefer AES-GCM or ChaCha20?
AES-GCM on hardware with AES-NI (most modern desktop and server CPUs). ChaCha20-Poly1305 on mobile or low-power devices without dedicated AES instructions, where it is dramatically faster.
What is forward secrecy?
A property of the key exchange — ECDHE (or DHE) generates a session key that cannot be recovered later, even if the server's private key is compromised. Plain RSA key exchange does not provide it, which is why it is deprecated.
Are 256-bit suites worth the cost over 128-bit?
For most applications, no. AES-128 is considered cryptographically strong indefinitely against classical attackers; AES-256 is mandated only by some compliance regimes and offers a margin against future quantum attacks on AES that may never materialise.