AES Encryption Explained: How It Works and Why It Matters
Jun 23, 2026
Browse, search, and compare TLS cipher suites with Mozilla security classification, OpenSSL & IANA names, and detailed cryptographic parameters.
| Code | IANA Name | OpenSSL | Protocol | Key Exchange | Auth | Encryption | Hash/MAC | Security |
|---|
No cipher suites match your search criteria.
All cipher suite data is embedded and processed entirely client-side. No data is sent to any server.
A TLS cipher suite is a set of cryptographic algorithms that defines how a TLS/SSL connection is established and secured. Each cipher suite specifies four key components:
The Mozilla security classification helps developers choose appropriate cipher suites:
Mozilla provides three security configurations for TLS servers. Choose based on your compatibility requirements:
| Level | Protocols | Key Exchange | Ciphers | Use Case |
|---|---|---|---|---|
| Modern | TLS 1.3 | ECDHE | TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256, TLS_AES_128_GCM_SHA256 | Services that don't need backward compatibility |
| Intermediate | TLS 1.2, TLS 1.3 | ECDHE, DHE | AES-GCM, ChaCha20-Poly1305, AES-CBC (SHA-256/384) | General purpose, broad compatibility |
| Old | TLS 1.0 - TLS 1.3 | ECDHE, DHE, RSA | Includes 3DES, RC4, CBC ciphers | Legacy systems, older clients |
IANA names are the official standardized names assigned by the Internet Assigned Numbers Authority. OpenSSL uses shorter, more human-readable names. For example, the IANA name TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 is known in OpenSSL as ECDHE-RSA-AES128-GCM-SHA256.
Mozilla's Modern profile includes only TLS 1.3 cipher suites with forward-secret key exchange (ECDHE) and AEAD encryption (AES-GCM or ChaCha20-Poly1305). These provide the highest security but may not be compatible with very old clients.
Forward secrecy (or perfect forward secrecy, PFS) ensures that session keys are not compromised if the server's private key is later exposed. Cipher suites using ECDHE or DHE key exchange provide forward secrecy. RSA key exchange does not.
AEAD (Authenticated Encryption with Associated Data) combines encryption and authentication into a single operation. GCM (Galois/Counter Mode) and ChaCha20-Poly1305 are AEAD ciphers. They are more secure and efficient than older CBC-mode ciphers with separate HMAC.
Use this explorer to find the cipher suites appropriate for your security level, then configure them in your web server (Nginx, Apache), load balancer (HAProxy), or application framework. Mozilla's SSL Configuration Generator at ssl-config.mozilla.org provides ready-to-use configurations.
Blog
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026
Jun 23, 2026