0
votes

I'm looking for information regarding TLS/SSL cipher suites strength.

For example, when pressing F12 in Chrome, there is a Security overview tab with cipher protocol and suite information.

[Image: Chrome Security tab example]

Now I'm interested in how I can know which cipher suites are considered STRONG or WEAK. Is it the key strength? The algorithm? I couldn't find anything clear about it.

Thanks in advance.


1 Answer

0
votes

Both algorithms and length are to be taken into account. What is strong or weak at one point can change over time; it also depends on the software used and what kind of clients you need to support.

Please have a look at https://security.stackexchange.com/questions/179114/what-are-the-toughest-ssh-daemon-settings-in-terms-of-encryption-handshake-or/179117#179117 where I give the following resources:

So, for example, nowadays AES-GCM is favored in TLS 1.2.

TLS 1.3, soon to be an RFC, worked a lot to improve the list of algorithms allowed:

The list of supported symmetric algorithms has been pruned of all algorithms that are considered legacy. Those that remain all use Authenticated Encryption with Associated Data (AEAD) algorithms.

and the new default (mandatory to implement) algorithms are:

In the absence of an application profile standard specifying otherwise, a TLS-compliant application MUST implement the TLS_AES_128_GCM_SHA256 [GCM] cipher suite and SHOULD implement the TLS_AES_256_GCM_SHA384 [GCM] and TLS_CHACHA20_POLY1305_SHA256 [RFC7539] cipher suites. (see Appendix B.4)

A TLS-compliant application MUST support digital signatures with rsa_pkcs1_sha256 (for certificates), rsa_pss_rsae_sha256 (for CertificateVerify and certificates), and ecdsa_secp256r1_sha256. A TLS-compliant application MUST support key exchange with secp256r1 (NIST P-256) and SHOULD support key exchange with X25519 [RFC7748].
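The two criteria named in the answer (algorithm and key length) can be checked mechanically. This is an added example, not part of the original answer: it grades cipher entries in the dict format returned by Python's `ssl.SSLContext.get_ciphers()`. The 128-bit threshold, the three grade labels and the `SAMPLE` entries are assumptions made for illustration.

```python
import ssl

# Assumed policy threshold for this example; adjust to your own baseline.
MIN_BITS = 128


def grade(cipher):
    """Grade one cipher entry (dict as returned by SSLContext.get_ciphers())."""
    bits = cipher.get("strength_bits", 0)
    aead = cipher.get("aead", False)
    if bits < MIN_BITS:
        return "weak"      # key length too short, whatever the mode
    if not aead:
        return "legacy"    # non-AEAD (e.g. CBC + HMAC); not allowed in TLS 1.3
    return "strong"        # AEAD with an adequate key length


def grade_all(ciphers):
    """Map each cipher suite name to its grade."""
    return {c["name"]: grade(c) for c in ciphers}


def local_default_report():
    """Grade the suites enabled in this Python/OpenSSL default client context."""
    return grade_all(ssl.create_default_context().get_ciphers())


# Constructed sample entries, reduced to the fields grade() reads.
SAMPLE = [
    {"name": "TLS_AES_128_GCM_SHA256", "protocol": "TLSv1.3",
     "strength_bits": 128, "aead": True},
    {"name": "ECDHE-RSA-AES256-GCM-SHA384", "protocol": "TLSv1.2",
     "strength_bits": 256, "aead": True},
    {"name": "ECDHE-RSA-AES256-SHA384", "protocol": "TLSv1.2",
     "strength_bits": 256, "aead": False},
    {"name": "DES-CBC3-SHA", "protocol": "SSLv3",
     "strength_bits": 112, "aead": False},
]

if __name__ == "__main__":
    for name, verdict in sorted(local_default_report().items()):
        print(f"{verdict:7} {name}")
```

Running the script prints the grade of every suite the local OpenSSL build enables by default, which will differ between systems and change over time.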