So how is your connection to the website secured? 4 elements constitute a cipher suite of the connections:
- authentication certificate,
- key exchange algorithm,
- encryption algorithm,
- hashing function.
Firstly we need to know who we are talking with. For that, we need an authentication certificate that will prove that the webpage is verified and secure. The authenticity of the certificate could be verified in publicly available servers like GlobalSign Root.
Secondly, we need a secret key for further secure data exchange. This usually is done i.e. with the help of the Diffie-Hellman key exchange algorithm which is described in this post: https://medium.com/p/5cffa9b2b9cd
However, the exchange itself needs to be encrypted too so asymmetric encryption like RSA or Elliptic Curve is also used for that.
When we shared the same secret key with the server, we can start secure communication. King of the ciphers: the AES with the specified mode is usually utilized to cipher data and secure data exchange. But to confirm the integrity of data we also need some hashing algorithm. That’s why at the end we also define it i.e. SHA 384.
What specific algorithm is used could be checked in the web browser by clicking on the padlock next to the page URL and going to advance security options of the webpage. You will find there a string that could be deciphered as in the picture below. But with such a cipher suite you can be sure that your connection is secure and no one will know what you are asking about.