How Browsers and Servers Negotiate TLS Cipher Suites: A Deep Dive

1. Browser Side

When a user enters an https:// URL, the browser first sends a list of supported Cipher Suites (e.g., C1, C2, C3…) to the server. The server compares this list with its own supported suites and selects a common one. If no match is found, Firefox 30 (used in the examples) displays an error such as “Secure Connection Failed”.

Supported TLS/SSL versions in Firefox can be inspected via about:config by searching for tls.version. The settings security.tls.version.min and security.tls.version.max control the minimum and maximum protocol versions, with values 0‑3 representing SSL 3.0, TLS 1.0, TLS 1.1, and TLS 1.2 respectively.

Using a packet‑capture tool like Wireshark, you can locate the ClientHello message and view the exact Cipher Suites advertised by the browser. In the example, the first suite is TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, and a total of 23 suites are listed.

2. Server Side

On Windows, the supported cipher suites can be viewed via the Group Policy editor ( gpedit.msc) under Computer Configuration → Administrative Templates → Network → SSL Configuration Settings → SSL Cipher Suite Order . This list shows the server’s suite collection and their priority order.

Administrators can modify the order or remove weak suites by enabling the policy and editing the list, or they can use PowerShell to set the registry value directly:

Set-ItemProperty -path HKLM:\SOFTWARE\Policies\Microsoft\Cryptography\Configuration\SSL\0001002 -name Functions -value "XXX,XXX,XXX"

3. Understanding Cipher Suite Names

A cipher suite name encodes four pieces of information:

Key‑exchange algorithm (e.g., RSA, Diffie‑Hellman, ECDH, PSK)

Encryption algorithm and key/IV length (e.g., AES 128/128, AES 256/256)

Message authentication code (MAC) algorithm (e.g., MD5, SHA)

PRF (pseudo‑random function) used to generate the master secret

For example, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA means:

TLS protocol

ECDHE and RSA for key exchange

AES‑256‑CBC for encryption

SHA for MAC

4. Server Selection Logic

When a server (e.g., IIS on Windows) receives a client list [C1, C2, C3] and its own ordered list is [C4, C2, C1, C3], it iterates through its list, skips unsupported suites, and selects the first suite also present in the client list. In this case, C2 is chosen and sent back in the ServerHello message.

5. Practical Considerations

Users can force browsers to accept only TLS 1.2 for stronger security, at the cost of compatibility. Server administrators often place the strongest ciphers at the top of the list, but must balance security against performance, as stronger ciphers increase CPU load. Real‑world cases, such as a web tax‑filing system, showed that switching from RC4‑based suites to AES‑128 improved security without noticeable performance degradation, though the impact of AES‑256 remains a concern during peak load.