Intermediate | Scenario
10 min
TLS Handshake Failures from Cipher Mismatch
Security | TLS | Networking
Interview Question
After tightening TLS settings, some clients fail during handshake. How do you triage and restore compatibility without weakening security?
Key Points to Cover
- Collect handshake errors and client JA3/JA4 fingerprints
- Compare enabled protocol/cipher suites vs client capabilities
- Introduce secure compatibility ciphers or TLS versions selectively
- Use ALPN/SNI routing to separate legacy clients
- Document policy and add compatibility tests in CI
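The compare, selectively-add and CI-test steps above, sketched as an added example (not part of the original question page). It is a simplified negotiation model: highest shared version, then the server's first preferred suite valid for that version. The policy, the client profiles and the helper names are hypothetical and constructed for illustration; the failure strings are the TLS alert names a server would send.

```python
# Added example: simplified negotiation model over constructed data.
VERSIONS = ["TLSv1.0", "TLSv1.1", "TLSv1.2", "TLSv1.3"]  # ascending
TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256"}

# Hypothetical tightened server policy; ciphers in server preference order.
POLICY = {"versions": ["TLSv1.2", "TLSv1.3"],
          "ciphers": ["TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                      "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]}

# Constructed client profiles, standing in for offers seen in ClientHellos.
CLIENTS = {
    "modern-browser": {"versions": ["TLSv1.2", "TLSv1.3"],
                       "ciphers": ["TLS_AES_128_GCM_SHA256",
                                   "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]},
    "legacy-sdk": {"versions": ["TLSv1.2"],
                   "ciphers": ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                               "TLS_RSA_WITH_AES_128_CBC_SHA"]},
    "embedded-device": {"versions": ["TLSv1.0"],
                        "ciphers": ["TLS_RSA_WITH_AES_128_CBC_SHA"]},
}

def negotiate(policy, client):
    """Return (version, suite) on success, or (None, alert_name) on failure."""
    shared = [v for v in VERSIONS
              if v in policy["versions"] and v in client["versions"]]
    if not shared:
        return None, "protocol_version"
    version = shared[-1]  # highest version both sides support
    for suite in policy["ciphers"]:  # server preference wins
        right_family = (suite in TLS13_SUITES) == (version == "TLSv1.3")
        if right_family and suite in client["ciphers"]:
            return version, suite
    return None, "handshake_failure"

def compat_report(policy, clients=CLIENTS):
    """Negotiation outcome per client profile."""
    return {name: negotiate(policy, c) for name, c in clients.items()}

def policy_violations(policy):
    """Settings below this example's baseline: old versions, CBC, non-ECDHE."""
    bad = [v for v in policy["versions"] if v in ("TLSv1.0", "TLSv1.1")]
    for s in policy["ciphers"]:
        if s not in TLS13_SUITES and ("_CBC_" in s or "ECDHE" not in s):
            bad.append(s)
    return bad

def with_suite(policy, suite):
    """Copy of the policy with one more suite appended (lowest preference)."""
    return {**policy, "ciphers": policy["ciphers"] + [suite]}
```

Adding the ECDHE AES-256-GCM suite restores the legacy SDK with no policy violation, while the TLS 1.0 device still fails with `protocol_version` and is the candidate for segmented handling rather than a global downgrade.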
Evaluation Rubric
- Gathers handshake-level evidence (30% weight)
- Matches cipher/protocol compat (30% weight)
- Segments legacy traffic safely (20% weight)
- Codifies policy/tests for regressions (20% weight)
Hints
- Beware of TLS 1.0/1.1 deprecations on old clients.
Potential Follow-up Questions
- How to test with real client fingerprints?
- When to require mTLS?