Should I disable cipher suites?

I had a question about security, I've been looking at various websites but nobody really talks about it so I thought I'd ask my question.

If I use SSL/TLS, or will the server just automatically get the right cipher suite? Is disabling them just a waste of time since there's no need for it? I would like to know if someone can explain why disabling cipher suites is harmful. SSL/TLS is an encryption protocol and doesn't involve "cipher suites" in any way. SSL/TLS supports different protocols (for example TLS 1.2, TLS 1.1) that require different security properties. Each protocol supports a subset of the different cryptographic algorithms which means that a different number of ciphersuites are supported by the different protocols. Cipher suites define which encryption algorithm is used with which key size (which limits the minimum of the RSA key length to 512 bits).

Disabling a cipher suite, therefore, doesn't help in any way. However, some security fixes from the cipher suite list for the TLS protocol were removed after TLS 1.2 was standardized. These fixes did have some side-effects that may be useful.

If you don't need the more modern TLS protocol (1.2, 1.3, .), then disabling the ciphers does not hurt.

How do I know which cipher suite is used?

There are two ways to know which cipher suite is used in your client/server combination: By inspecting the ClientHello message, which is a message generated by the client during the handshake and sent as part of the initial exchange, with the ClientHelloMessage structure that has a ServerHelloMessage struct.

You can find this structure in the clientHello message via the server name and version parameters of the ClientHelloMessage struct. These values indicate the selected cipher suite.

By parsing the TLS Handshake Protocol record associated with the handshake. For instance, if you wanted to have your program check which cipher suite was used, you could simply read the handshake record via SSLread() and look for a TLS Handshake Protocol Record struct. The TLS Handshake Protocol record indicates the selected cipher suite.

How do I find out how strong the encryption in the connection is? The strength of the encryption depends on the cipher suite, the key exchange protocol used, the authentication method used and the authentication algorithm used. For more information about the security of the cryptographic algorithms and protocols, please refer to the Cryptographic Strength section.

How do I check the certificates associated with a connection? You can use the SSLgetcurrentcipher() function to retrieve the cipher suite associated with the connection and then use the SSLgetverifyresult() function to retrieve information about the peer certificate.