What exactly is a Cipherspec?

By Tim Zielke posted Thu April 30, 2020 02:30 PM

  


This blog post discusses what exactly a Cipherspec is, and how it differs from a Ciphersuite.  The purpose of this blog is to clear up confusion and to promote the proper usage of TLS terminology in IBM MQ.  As technicians, it is helpful for us to use the correct terminology when discussing things like TLS, Ciphersuites, Cipherspecs, etc. for IBM MQ.

  

Cipherspec Definition

 

The IETF (Internet Engineering Task Force) is the group that owns TLS and is responsible for providing the TLS specifications.  The Ciphersuite and Cipherspec terms were both defined in the IETF RFC 6101 document which is a republication of the SSL v3 protocol:

https://tools.ietf.org/html/rfc6101#page-47

 

A.6.  The CipherSuite

 

The following values define the CipherSuite codes used in the client hello and server hello messages.

.

.

.

 

A.7.  The CipherSpec

 

A cipher suite identifies a CipherSpec.  These structures are part of the SSL session state.  The CipherSpec includes:

.

.

.

        struct {
            BulkCipherAlgorithm bulk_cipher_algorithm;
            MACAlgorithm mac_algorithm;
            CipherType cipher_type;
            IsExportable is_exportable
            uint8 hash_size;
            uint8 key_material;
            uint8 IV_size;
        } CipherSpec;

 

I know this starts to get technical, but the Ciphersuite is the name of the negotiated cipher algorithms between the SSL/TLS client and server.  For example, TLS_RSA_WITH_AES_256_CBC_SHA256 is a Ciphersuite that could be negotiated between a TLS client and server.

 

A Ciphersuite identifies a Cipherspec (which is really a subset of the Ciphersuite), and the Cipherspec is the symmetric encryption and authentication portions of the Ciphersuite that are used to protect and authenticate the TLS record.  In the case of the Ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256, the Cipherspec portion is AES_256_CBC_SHA256.  In this case, AES_256_CBC is used to encrypt the TLS record and SHA256 is used to authenticate the record with a MAC (message authentication code).

 

So to summarize, a Cipherspec is a subset of the Ciphersuite.  Again, if TLS_RSA_WITH_AES_256_CBC_SHA256 is your Ciphersuite, AES_256_CBC_SHA256 would be your Cipherspec.
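
The split described above, as an added example that is not part of the original post and not IBM MQ code: a small Python parser that separates a Ciphersuite name into its key-exchange prefix and its Cipherspec, and fills the fields of the RFC 6101 struct from a constructed lookup table. The table contents and the names split_ciphersuite, BULK and MAC are assumptions made for illustration, and only a few CBC and RC4 suites are covered.

```python
from dataclasses import dataclass

# Constructed lookup tables (sizes in bytes); only a few suites are covered.
BULK = {  # bulk cipher -> (cipher_type, key size, IV size)
    "AES_128_CBC": ("block", 16, 16),
    "AES_256_CBC": ("block", 32, 16),
    "3DES_EDE_CBC": ("block", 24, 8),
    "RC4_128": ("stream", 16, 0),
}
MAC = {"MD5": 16, "SHA": 20, "SHA256": 32, "SHA384": 48}  # MAC -> hash_size


@dataclass(frozen=True)
class CipherSpec:
    """Fields follow the RFC 6101 A.7 struct (is_exportable left out)."""
    name: str
    bulk_cipher_algorithm: str
    mac_algorithm: str
    cipher_type: str
    hash_size: int
    key_material: int
    iv_size: int


def split_ciphersuite(suite):
    """Return (key_exchange, CipherSpec) for an SSL v3 to TLS 1.2 suite name."""
    prefix, sep, spec_name = suite.partition("_WITH_")
    if not sep or not prefix.startswith(("TLS_", "SSL_")):
        raise ValueError(f"no <key exchange>_WITH_<cipherspec> form: {suite}")
    key_exchange = prefix.split("_", 1)[1]
    bulk, _, mac = spec_name.rpartition("_")
    if bulk not in BULK or mac not in MAC:
        # Also reached for AEAD names such as ..._AES_256_GCM_SHA384, where the
        # trailing hash is the PRF hash, not a record MAC, so this split fails.
        raise ValueError(f"not a bulk-cipher + MAC cipherspec: {spec_name}")
    cipher_type, key_size, iv_size = BULK[bulk]
    return key_exchange, CipherSpec(spec_name, bulk, mac, cipher_type,
                                    MAC[mac], key_size, iv_size)


if __name__ == "__main__":
    for s in ("TLS_RSA_WITH_AES_256_CBC_SHA256",
              "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA"):
        kx, spec = split_ciphersuite(s)
        print(f"{s}\n  key exchange: {kx}\n  cipherspec:   {spec}")
```

TLS 1.3 suite names such as TLS_AES_256_GCM_SHA384 carry no key-exchange part at all, so the parser rejects them instead of guessing a split.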

 

Why does IBM MQ then call a Ciphersuite a Cipherspec?

 

The reader might now be asking the following question.  “If a Cipherspec is not just another name for a Ciphersuite, why does IBM MQ reference Ciphersuites as Cipherspecs in their documentation?”  An example of this would be the following "Enabling Cipherspecs" link in the MQ 9.1 manual:

 

https://www.ibm.com/support/knowledgecenter/en/SSFKSJ_9.1.0/com.ibm.mq.sec.doc/q014260_.htm

CipherSpecs for TLS 1.2
All TLS_RSA_WITH_AES_128_CBC_SHA256 TLS 1.2 SHA-256 AES 128 Yes No
All TLS_RSA_WITH_AES_256_CBC_SHA256 9 TLS 1.2 SHA-256 AES 256 Yes No

 

In the above manual link, the Ciphersuite TLS_RSA_WITH_AES_256_CBC_SHA256 that we were just referencing above is being called a Cipherspec.  I don’t work for IBM, so it would be presumptuous for me to state why they are doing this.  However, the following history of how the Cipherspec evolved to a Ciphersuite does show how there could have been confusion on the two terms around the times of SSL v3.

 

History of how the Cipherspec changed to a Ciphersuite

 

To look at the history, we need to understand that TLS (Transport Layer Security) evolved from SSL (Secure Socket Layer).  The following are links to the SSL v2 and SSL v3 protocol specifications.

 

SSL v2 -> https://www.ietf.org/archive/id/draft-hickman-netscape-ssl-00.txt

SSL v3 -> https://www-archive.mozilla.org/projects/security/pki/nss/ssl/draft302.txt

 

If you look in the SSL v2 specification, you can see there is no reference to Ciphersuite, but a lot of references to Cipherspec.  You can also see that Cipherspec played the role that the Ciphersuite plays in SSL v3.  In SSL v2, the Cipherspec is the name of the cipher algorithms that are negotiated between the SSL client and server.  At SSL v3, this name for the negotiated cipher algorithms between the SSL client and server was changed from Cipherspec to Ciphersuite.  However, the term Cipherspec still persisted in the SSL v3 terminology (and also into TLS), and the Cipherspec now means the cipher portions of the Ciphersuite that are used to encrypt and authenticate the TLS record.  If someone was trying to incorporate SSL v3 into their product (like IBM MQ did at v5.3, according to my understanding), you can see how someone might have been confused about the correct terminology to use for the negotiated cipher algorithms between the SSL client and server, since the name was changing between SSL v2 (Cipherspec) and SSL v3 (Ciphersuite).

 

Conclusion

 

When talking about the negotiated cipher algorithms between a TLS client and server (e.g. TLS_RSA_WITH_AES_256_CBC_SHA256), the correct terminology to use now is Ciphersuite.  At SSL v2, it was correct to use Cipherspec for the negotiated cipher algorithms between an SSL client and server, but since SSL v3 this terminology has been changed to Ciphersuite.  Cipherspec also still has meaning at SSL v3 and TLS, and it means the subset of the Ciphersuite which is used to encrypt and authenticate the TLS record.  Hopefully, this blog post will clear up some confusion on the term Cipherspec and what exactly it means.
