TLS_RSA_WITH_AES_128_GCM_SHA256
TLS 1.2 | 128-bit (NO Forward Secrecy) Not Recommended
Cipher Suite Details
TLS_RSA_WITH_AES_128_GCM_SHA2560x009C156What is TLS_RSA_WITH_AES_128_GCM_SHA256?
TLS_RSA_WITH_AES_128_GCM_SHA256 uses static RSA key exchange, where the client encrypts the pre-master secret with the server's RSA public key. This method does NOT provide perfect forward secrecy - if the server's private key is compromised, all past sessions can be decrypted. Static RSA is deprecated and disabled in modern browsers. It remains supported for legacy compatibility with ancient systems. AES-128-GCM provides authenticated encryption, but the lack of forward secrecy makes this cipher suite unsuitable for modern security requirements. PCI-DSS and other compliance frameworks prohibit static RSA.
Role in JA3 Fingerprinting
The TLS_RSA_WITH_AES_128_GCM_SHA256 cipher suite is part of the TLS Client Hello that JA3 analyzes. Cipher suite order and selection are key indicators of browser type and version.
JA3 Format: TLS_VERSION,CIPHERS,EXTENSIONS,CURVES,POINT_FORMATS
Different browsers prioritize different cipher suites (Chrome prefers ChaCha20 on mobile, Firefox prioritizes AES-GCM, etc.), making cipher suite ordering a reliable fingerprint.
Test Your Cipher Suites
See which cipher suites your browser advertises, including TLS_RSA_WITH_AES_128_GCM_SHA256.