Intermediate | Phone | 2 min
TLS Handshake Basics
Tags: Security, TLS, Networking
Interview Question
Briefly describe the TLS handshake steps and how the client verifies the server.
Key Points to Cover
- ClientHello/ServerHello negotiate version and cipher
- Server sends certificate; client validates chain/hostname
- Key exchange (e.g., ECDHE) → shared secrets; session keys derived
Evaluation Rubric
- Mentions hello/cipher negotiation: 34% weight
- Explains certificate validation: 33% weight
- Describes key exchange and session keys: 33% weight
Hints
- 💡SNI and ALPN are often negotiated here.
Common Pitfalls to Avoid
- ⚠️Omitting Certificate Chain Validation and Hostname Verification: A common mistake is just saying 'the client verifies the certificate' without detailing the critical steps of building and validating the CA chain, and crucially, verifying the hostname against the certificate's subject.
- ⚠️Confusing Key Exchange Algorithms with Symmetric Encryption: Misstating that the public/private keys are used for *all* data encryption, rather than just for securely establishing a shared secret from which symmetric session keys are derived.
- ⚠️Skipping the Role of Random Numbers: Failing to mention the exchange of random numbers from both client and server, which are essential inputs into deriving the unique session keys and preventing replay attacks.
- ⚠️Incomplete Negotiation Details: Not fully describing how the ClientHello and ServerHello negotiate critical parameters like the TLS version, cipher suite, and compression methods.
- ⚠️Ignoring Integrity and Authenticity: Overlooking that the TLS handshake also establishes mechanisms for message integrity (MACs) and server authenticity, focusing only on confidentiality.
Potential Follow-up Questions
- ❓Why is forward secrecy important?
- ❓How do client certificates change this?