A TLS ciphersuite name states which algorithms and key sizes are used for the handshake and for the encrypted session.
TLS– Indicates that the suite is used with the TLS protocol.
ECDHE– Elliptic Curve Diffie-Hellman with Ephemeral keys. This defines the method used to exchange the key. Diffie-Hellman key exchanges which use ephemeral (generated per session) keys provide forward secrecy, meaning that the session cannot be decrypted after the fact, even if the server’s private key is known. Elliptic curve cryptography provides equivalent strength to traditional public-key cryptography while requiring smaller key sizes, which can improve performance. Additionally, it serves as a hedge against a break in RSA.
RSA– The server’s certificate must contain an RSA public key, and the corresponding private key must be used to sign the ECDHE parameters. This is what provides server authentication.
AES_128– Specifies the symmetric encryption algorithm and its key length: the cipher is AES with 128-bit keys. This is reasonably fast and not broken. AES_256 is more secure but affects performance.
CBC– Cipher Block Chaining mode. Here’s where you can probably improve your choice. CBC mode is a way of employing a block cipher to encrypt a variable-length piece of data, and it has been the source of TLS woes in the past: BEAST, Lucky-Thirteen, and POODLE were all attacks on CBC-mode TLS. A better choice for performance and security is AES_128_GCM, which is one of the new AEAD ciphers introduced in TLS 1.2 and has good performance and security characteristics.
SHA256– This is the hash function that underlies the Message Authentication Code (MAC) feature of the TLS ciphersuite. This is what guarantees that each message has not been tampered with in transit. SHA256 is a great choice, and is the default hash algorithm for various parts of TLS 1.2. I’m pretty sure that using SHA-1 would be OK here, since the window for exploitation is so much smaller than, e.g. the certificate signature. AEAD ciphersuites are authenticated to begin with, so this additional MAC step is not needed or implemented.
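An added example, not from the original page: a small Python parser that splits a TLS 1.2 suite name into the fields described above and flags the two points the text raises (forward secrecy and CBC mode). The name TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 is assembled from the components walked through above. The function names and the restriction to CBC/GCM names of this shape are assumptions of the example.

```python
import re

# IANA-style TLS 1.2 name: TLS_<kx>[_<auth>]_WITH_<cipher>_<bits>_<mode>_<hash>
SUITE_RE = re.compile(
    r"^TLS_(?P<kx>[A-Z]+)(?:_(?P<auth>[A-Z]+))?_WITH_"
    r"(?P<cipher>[A-Z0-9]+)_(?P<bits>\d+)_(?P<mode>CBC|GCM)_(?P<hash>SHA\d*)$"
)
EPHEMERAL_KX = {"ECDHE", "DHE"}   # per-session keys, so forward secrecy
AEAD_MODES = {"GCM"}              # authenticated encryption, no separate MAC


def parse_suite(name):
    """Split a cipher suite name into the fields the page walks through."""
    m = SUITE_RE.match(name)
    if m is None:
        raise ValueError(f"unrecognised cipher suite name: {name!r}")
    f = m.groupdict()
    aead = f["mode"] in AEAD_MODES
    return {
        "key_exchange": f["kx"],
        # A name such as TLS_RSA_WITH_... uses RSA for both roles.
        "authentication": f["auth"] or f["kx"],
        "cipher": f["cipher"],
        "key_bits": int(f["bits"]),
        "mode": f["mode"],
        "hash": f["hash"],
        "forward_secrecy": f["kx"] in EPHEMERAL_KX,
        "aead": aead,
        # With an AEAD mode the record has no separate HMAC step.
        "record_mac": None if aead else "HMAC-" + f["hash"],
    }


def review(name):
    """Return the configuration findings the page's discussion implies."""
    s = parse_suite(name)
    findings = []
    if not s["forward_secrecy"]:
        findings.append("no ephemeral key exchange: no forward secrecy")
    if s["mode"] == "CBC":
        findings.append("CBC mode: prefer an AEAD suite such as AES_128_GCM")
    return findings


if __name__ == "__main__":
    for suite in ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
                  "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                  "TLS_RSA_WITH_AES_256_CBC_SHA"):
        print(suite, parse_suite(suite), review(suite))
```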