Defaults.Exposed › Glossary › Cipher suite

Cipher suite

Also known as: encryption cipher, cipher, TLS cipher

The specific recipe of locks your website uses to encrypt connections — weak recipes leave the door easier to pick, even with the padlock showing.

What it is

When a visitor connects securely to your site, your server and their browser quickly agree on how to scramble the conversation — which encryption methods to use. That agreed combination is called a cipher suite. Think of it as the recipe of locks protecting the connection.

Some recipes are strong and current. Others are old and have known weaknesses, but many servers still offer them out of habit or for compatibility with very old devices.

Why it matters to your business

A padlock in the address bar tells a visitor the connection is encrypted — it does not tell them how well. If your server still offers weak, outdated cipher suites, a determined attacker may be able to break the encryption and read what should have been private: logins, customer details, payment data.

In plain terms: the lock looks the same to your customers, but a weak cipher suite is a cheaper lock to pick. Turning off the weak ones and keeping only strong, modern recipes makes the protection real rather than just for show — and keeps you in line with what card-payment and data rules expect.

How to tell / what to do

Our free checker examines which cipher suites your site offers and flags any weak ones. If outdated recipes are present, the TLS fix guide shows how to switch them off and keep only the strong set. It’s free, and visitors won’t notice any difference — modern browsers all support the strong options.

Want to fix this on your own domain? See the free guide →