
Hashing in Cipher Suites

The hash component of a cipher suite serves two purposes: key derivation and handshake verification. It’s the least glamorous part of the cipher suite, but it’s essential.

Key Derivation (PRF)

After the key exchange produces a pre-master secret, that secret needs to be expanded into multiple keys: a client encryption key, a server encryption key, client and server IVs (initialization vectors), and MAC keys (in non-AEAD modes).

The PRF (Pseudorandom Function) does this expansion. It takes the pre-master secret plus the random values from ClientHello and ServerHello and produces all the needed keys. The PRF is built on the hash algorithm specified in the cipher suite.

In TLS 1.2, the PRF uses the cipher suite’s hash (SHA-256 or SHA-384). In TLS 1.3, the key derivation uses HKDF (HMAC-based Key Derivation Function), which is also built on the cipher suite’s hash.

Handshake Verification

The Finished message at the end of the handshake carries a value computed from a hash of all handshake messages exchanged so far (in TLS 1.2, that transcript hash is run through the PRF with the master secret). Both sides compute this value independently and compare. If they match, no one tampered with the handshake.

This is critical for preventing downgrade attacks. If an attacker modified the ClientHello in transit to remove strong cipher suites, each side would hash the handshake messages as it actually saw them, the transcript hashes would differ, and the Finished verification would fail.
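The TLS 1.2 PRF from the Key Derivation section and the Finished computation described above, as an added example that is not part of this chapter or any TLS library: P_hash and PRF follow RFC 5246 section 5, the key block is split as for an AEAD suite such as AES_128_GCM_SHA256 (no MAC keys), and the pre-master secret, randoms and transcript bytes are constructed sample values, not a captured session.

```python
import hashlib
import hmac


def p_hash(hash_name: str, secret: bytes, seed: bytes, length: int) -> bytes:
    """RFC 5246 P_hash: A(0)=seed, A(i)=HMAC(secret, A(i-1)); output HMAC(secret, A(i)+seed)."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hash_name).digest()
        out += hmac.new(secret, a + seed, hash_name).digest()
    return out[:length]


def prf(hash_name: str, secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: PRF(secret, label, seed) = P_<hash>(secret, label + seed)."""
    return p_hash(hash_name, secret, label + seed, length)


def derive_keys(hash_name, pre_master, client_random, server_random, key_len=16, iv_len=4):
    """Pre-master secret -> 48-byte master secret -> key block, split for an AEAD suite."""
    master = prf(hash_name, pre_master, b"master secret", client_random + server_random, 48)
    # Note the reversed random order for key expansion (server first), as RFC 5246 specifies.
    block = prf(hash_name, master, b"key expansion", server_random + client_random,
                2 * key_len + 2 * iv_len)
    off = 0
    keys = {}
    for name, size in (("client_write_key", key_len), ("server_write_key", key_len),
                       ("client_write_iv", iv_len), ("server_write_iv", iv_len)):
        keys[name] = block[off:off + size]
        off += size
    return master, keys


def finished_verify_data(hash_name, master, label, handshake_messages):
    """verify_data = PRF(master_secret, finished_label, Hash(handshake_messages))[0:12]."""
    transcript = hashlib.new(hash_name, handshake_messages).digest()
    return prf(hash_name, master, label, transcript, 12)


# Constructed sample inputs (hypothetical, not from a real handshake).
PRE_MASTER = bytes([0x03, 0x03]) + bytes(range(46))   # RSA-style 48-byte pre-master secret
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
TRANSCRIPT = b"ClientHello|ServerHello|Certificate|ServerHelloDone|ClientKeyExchange"

if __name__ == "__main__":
    master, keys = derive_keys("sha256", PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    for name, value in keys.items():
        print(f"{name}: {value.hex()}")
    print("client verify_data:", finished_verify_data("sha256", master, b"client finished", TRANSCRIPT).hex())
```

Tampering with a single transcript byte changes verify_data, which is exactly what makes the Finished check catch a modified ClientHello.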

SHA-256 vs SHA-384

SHA-256 is the default for most cipher suites. SHA-384 is paired with AES-256 cipher suites so the hash strength matches the key size (256-bit encryption with a 384-bit hash).

In practice, both are secure. The choice is usually made automatically based on the cipher suite.


Next: Choosing Cipher Suites
