It's about how the encryption on an SSL link is quite complex. (45 different combinations when I checked a Win 7 machine, same on Win 8.1)
The technology enables every user to have some say in how securely he connects over a secure connection. (The person who configures the web server also has some control.)
I'm not sure how this ties in with development and validation. What are your thoughts?
Neither am I sure how this plays out across different browsers.
It is entirely possible, that a sizeable proportion of users will start adjusting these settings. (It's not trivial to do. Wouldn't be surprised if people start writing little utilities to do it for you.) If it has an impact it would be good to be prepared. (To do it yourself see an article linked to that above.)
As this negotiation (for the cypher suite) is hidden its easy to have no idea it's going on, so worth knowing about.
Here's some of those suites:
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA
- TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_AES_256_CBC_SHA
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_AES_128_CBC_SHA
- TLS_RSA_WITH_RC4_128_SHA
- TLS_RSA_WITH_3DES_EDE_CBC_SHA
- TLS_RSA_WITH_RC4_128_MD5
- SSL_CK_RC4_128_WITH_MD5
- SSL_CK_DES_192_EDE3_CBC_WITH_MD5
- TLS_RSA_WITH_NULL_SHA
- TLS_RSA_WITH_NULL_MD5
- TLS_RSA_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_AES_256_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384
- TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P521
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P384
- TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384_P521
- TLS_DHE_DSS_WITH_AES_256_CBC_SHA256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384
- TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P521
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384
- TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P521
- TLS_DHE_DSS_WITH_AES_128_CBC_SHA256
- TLS_RSA_WITH_NULL_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P521
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384
- TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P521