While reviewing an HTTPS capture, you notice the negotiated cipher suite is TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256. From the standpoint of bulk data encryption in the TLS session, which part of the suite actually carries out the confidentiality function and what is its effective key size?
AES in GCM mode with a 128-bit key provides the session's confidentiality.
SHA-256 is the algorithm that encrypts the application records.
ECDHE performs the content encryption by deriving a 256-bit key.
RSA with a 2048-bit (or larger) modulus encrypts the bulk data.
In a TLS cipher suite, the portion that follows the final "WITH" names the symmetric algorithm that encrypts and authenticates the application data. For TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, this is AES in Galois/Counter Mode (GCM). The "128" indicates AES is operating with a 128-bit key, providing both confidentiality and integrity for each record. ECDHE only establishes an ephemeral shared secret, RSA is used to verify the server's certificate, and SHA-256 is the hash algorithm employed by the TLS 1.2 pseudorandom function and for handshake-message authentication; it is not applied as an HMAC over the data records because AES-GCM already includes built-in integrity.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is AES in GCM mode?
Open an interactive chat with Bash
What does ECDHE mean in a cipher suite?
Open an interactive chat with Bash
Why is SHA-256 used in TLS?
Open an interactive chat with Bash
What is AES in Galois/Counter Mode (GCM)?
Open an interactive chat with Bash
How does ECDHE contribute to the TLS session?
Open an interactive chat with Bash
What role does SHA-256 play in this cipher suite?
Open an interactive chat with Bash
Certified Ethical Hacker (CEH)
Cryptography
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
Pass with Confidence.
IT & Cybersecurity Package
You have hit the limits of our free tier, become a Premium Member today for unlimited access.
Military, Healthcare worker, Gov. employee or Teacher? See if you qualify for a Community Discount.
Monthly
$19.99
$19.99/mo
Billed monthly, Cancel any time.
3 Month Pass
$44.99
$14.99/mo
One time purchase of $44.99, Does not auto-renew.
MOST POPULAR
Annual Pass
$119.99
$9.99/mo
One time purchase of $119.99, Does not auto-renew.
BEST DEAL
Lifetime Pass
$189.99
One time purchase, Good for life.
What You Get
All IT & Cybersecurity Package plans include the following perks and exams .