The ciper suite to be used between the client and the server gets negotiated during the SSL/TLS handshake. The client therefor sends a list of ciper suites it supports and the server chooses one of them or rejects them.
A cipher suite gets represented by a string like that:
Protocol
The overall protocol to setup a secure communication between client and server.
– SSL (Secure Socket Layer)
– TLS (Transport Layer Security)
Key Exchange
The protocol to exchange the keys (asymmetric) for an encrypted handshake.
– PSK (Pre-Shared Key)
– DH (Diffie-Hellman)
—– DHE (DH Ephemeral)
—– ECDH (Elliptic Curve DH)
—– ECDHE (Elliptic Curve DH Ephemeral)
– RSA (Rivest-Shamir-Adleman)
Server Authentification
The algorithm used by the server to generate the certificate key (asymmetric).
– DSA (Digital Signature Algorithm)
—– ECDSA (Elliptic Curve DSA)
– RSA (Rivest-Shamir-Adleman)
Block Cipher
The symmetric encryption algorithm used for the communication after the handshake.
– NULL
– DES (Data Encryption Standard)
– AES (Advanced Encryption Standard)
– ChaCha20
Message Integrity
The algorithm to generate a checksum (message + symmetric key) to verify the integrity.
– MD5 (Message-Digest Algorithm 5)
– SHA (Secure Hash Algorithm)