Encryption algorithms used in the record layer

Next: Compression algorithms used in the record layer, Up: The TLS record protocol

3.3.1 Encryption algorithms used in the record layer

Confidentiality in the record layer is achieved by using symmetric block encryption algorithms like 3DES, AES¹, or stream algorithms like ARCFOUR_128². Ciphers are encryption algorithms that use a single, secret, key to encrypt and decrypt data. Block algorithms in TLS also provide protection against statistical analysis of the data. Thus, if you're using the TLS protocol, a random number of blocks will be appended to data, to prevent eavesdroppers from guessing the actual data size.

Supported cipher algorithms:

3DES_CBC: 3DES_CBC is the DES block cipher algorithm used with triple encryption (EDE). Has 64 bits block size and is used in CBC mode.
ARCFOUR_128: ARCFOUR is a fast stream cipher.
ARCFOUR_40: This is the ARCFOUR cipher that is fed with a 40 bit key, which is considered weak.
AES_CBC: AES or RIJNDAEL is the block cipher algorithm that replaces the old DES algorithm. Has 128 bits block size and is used in CBC mode. This is not officially supported in TLS.

Supported MAC algorithms:

MAC_MD5: MD5 is a cryptographic hash algorithm designed by Ron Rivest. Outputs 128 bits of data.
MAC_SHA: SHA is a cryptographic hash algorithm designed by NSA. Outputs 160 bits of data.

Footnotes

[1] AES, or Advanced Encryption Standard, is actually the RIJNDAEL algorithm. This is the algorithm that replaced DES.

[2] ARCFOUR_128 is a compatible algorithm with RSA's RC4 algorithm, which is considered to be a trade secret.