I see the following explanation, but how would one know the SSL3.0 ones?
A cipher name is a set of algorithms used for ensuring secure message communication. Let’s dissect a cipher suite name and see what is behind it. For example, SSL_RSA_WITH_RC4_128_MD5:
- SSL – protocol (alternatives are e.g. TLS)
- RSA – key exchange / authentication (alternatives are e.g. PSK)
- RC4_128 – message encryption cipher and key length (alternatives are e.g. CBC)
- MD5 – message authentication/integrity (alternatives are e.g. SHA)
To mitigate BEAST attacks, RC4 ciphers should be preferred. Stronger encryption with longer keys should be preferred as well. For message authenticity SHA should be preferred as it is considered more secure than MD5. Having this in mind, I suggest the usage of the following ciphers in this particular order:
TLS_RSA_PSK_WITH_RC4_128_SHA
TLS_PSK_WITH_RC4_128_SHA
TLS_DHE_PSK_WITH_RC4_128_SHA
SSL_RSA_WITH_RC4_128_MD5
SSL_RSA_WITH_RC4_128_SHA
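
The name dissection quoted above, as an added example that is not part of the original post: a small Python parser that splits a suite name into the parts listed, including the SSL/TLS prefix the question asks about. The function name `dissect` and the returned field names are assumptions for illustration; AEAD (GCM/CCM) names follow a different layout and are rejected.

```python
# Added example: parser for suite names of the form
#   <SSL|TLS>_<key exchange/auth>_WITH_<cipher>[_<bits>][_CBC]_<MAC>
# Sample input is constructed from the five names listed in the post.
SUITES = [
    "TLS_RSA_PSK_WITH_RC4_128_SHA",
    "TLS_PSK_WITH_RC4_128_SHA",
    "TLS_DHE_PSK_WITH_RC4_128_SHA",
    "SSL_RSA_WITH_RC4_128_MD5",
    "SSL_RSA_WITH_RC4_128_SHA",
]


def dissect(name):
    """Split a suite name into prefix, key exchange/auth, cipher, bits, mode, MAC."""
    head, sep, tail = name.partition("_WITH_")
    if not sep:
        raise ValueError(f"no _WITH_ separator in {name!r}")
    # The first token is the name prefix; everything up to _WITH_ is kx/auth,
    # which may itself contain underscores (RSA_PSK, DHE_PSK).
    prefix, _, kx_auth = head.partition("_")
    if prefix not in ("SSL", "TLS") or not kx_auth:
        raise ValueError(f"unexpected prefix or empty key exchange in {name!r}")
    parts = tail.split("_")
    if len(parts) < 2 or {"GCM", "CCM"} & set(parts):
        raise ValueError(f"not a <cipher>_<MAC> layout: {name!r}")
    mac, enc = parts[-1], parts[:-1]
    mode = None
    if enc[-1] == "CBC":          # block ciphers carry a mode; RC4 is a stream cipher
        mode, enc = "CBC", enc[:-1]
    if not enc:
        raise ValueError(f"no cipher token in {name!r}")
    # A purely numeric token is the key length; the rest names the cipher.
    bits = next((int(p) for p in enc if p.isdigit()), None)
    cipher = "_".join(p for p in enc if not p.isdigit())
    return {"prefix": prefix, "kx_auth": kx_auth, "cipher": cipher,
            "bits": bits, "mode": mode, "mac": mac}


if __name__ == "__main__":
    for suite in SUITES:
        print(suite, dissect(suite))
```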