The authentication component of a cipher suite determines how the server proves its identity during the handshake. This is separate from key exchange. Key exchange establishes the shared secret. Authentication proves you’re talking to the right server.
During the handshake, the server sends its certificate and then signs certain handshake messages with its private key. The client verifies the signature using the public key from the certificate.
The authentication algorithm in the cipher suite must match the certificate’s key type:
RSA: The server signs handshake messages with its RSA private key. The client verifies with the RSA public key from the certificate. This is the most widely deployed option because RSA certificates have been around the longest.
ECDSA: The server signs with its ECDSA private key. Smaller signatures, faster verification. Requires an ECDSA certificate (generated with an EC key pair).
Some servers are configured with both an RSA certificate and an ECDSA certificate. During the handshake, the server picks the certificate that matches the cipher suite the client supports. If the client supports ECDSA cipher suites, the server uses the ECDSA certificate (smaller, faster). If the client only supports RSA, the server falls back to RSA.
This gives you the best of both worlds: modern performance for modern clients, compatibility for older ones.
Cipher suites with no authentication (like TLS_DH_anon) exist in the specification but should never be used. Without authentication, there’s no way to verify the server’s identity, making the connection vulnerable to man-in-the-middle attacks. No reputable server or client enables these.
In TLS 1.3, authentication is negotiated separately from the cipher suite through the signature_algorithms extension. The client lists which signature algorithms it supports (RSA-PSS, ECDSA, Ed25519, etc.), and the server picks one that matches its certificate.
This separation is cleaner. The cipher suite handles encryption and hashing. The signature algorithm extension handles authentication. They’re independent choices.
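The matching rule, the dual-certificate choice, and the TLS 1.3 split described above can be modelled in a few lines. This is an added example, not code from the original page or from any TLS library: the function names, the ECDSA-first server policy, and the sample client offers are assumptions, and a real server also weighs protocol version and its own suite ordering.

```python
# Added example: simplified model, hypothetical names, constructed inputs.
PREFERENCE = ("ECDSA", "RSA")  # assumed server policy: try the ECDSA certificate first


def auth_component(suite):
    """Authentication token of an IANA suite name; None for TLS 1.3 names."""
    if "_WITH_" not in suite:
        return None  # e.g. TLS_AES_128_GCM_SHA256 names no key exchange or auth
    tokens = [t for t in suite.split("_WITH_")[0].split("_")[1:] if t != "EXPORT"]
    return tokens[-1]  # TLS_ECDHE_RSA -> RSA, TLS_RSA -> RSA, TLS_DH_anon -> anon


def is_unauthenticated(suite):
    """True for suites that carry no server authentication at all."""
    return auth_component(suite) in ("anon", "NULL")


def sig_alg_key_type(scheme):
    """Certificate key type needed by a TLS 1.3 signature scheme name."""
    if scheme.startswith("ecdsa_"):
        return "ECDSA"
    if scheme.startswith("rsa_pss_rsae_"):
        return "RSA"
    return "Ed25519" if scheme == "ed25519" else None


def choose_certificate(client_suites, client_sig_algs, server_certs):
    """Return (suite, key_type) the modelled server would use, or None."""
    for key_type in PREFERENCE:
        if key_type not in server_certs:
            continue
        for suite in client_suites:
            auth = auth_component(suite)
            if auth is None:  # TLS 1.3: signature_algorithms decides
                ok = any(sig_alg_key_type(s) == key_type for s in client_sig_algs)
            else:  # TLS 1.2 and earlier: auth token must equal the key type
                ok = auth == key_type
            if ok:
                return suite, key_type
    return None  # includes the case where only anonymous suites were offered


if __name__ == "__main__":
    dual = {"RSA", "ECDSA"}  # constructed: server holding both certificates
    offered = ["TLS_DH_anon_WITH_AES_128_CBC_SHA",
               "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]  # constructed client offer
    print([s for s in offered if is_unauthenticated(s)])
    print(choose_certificate(offered, [], dual))
```

Running `is_unauthenticated` over a server's enabled suite list is a quick audit for anonymous suites that should be disabled.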