TLS Process

Question 1

How many round trips does TLS 1.2 make?

Answer 1

2 - which is 4 steps total

Question 2

How many round trips does TLS 1.3 make?

Answer 2

1 - which is 2 steps total

Question 3

What is sent in the Client Hello message?

Answer 3

• TLS version
• A 28-byte random number (Client Random)
• A list of cipher suites.

Question 4

After receiving the client hello, what does the server do to prepare for the “Server Hello”?

Answer 4

The server checks, and sends back the following things:

• Server side chooses the version of TLS
• Generates a server random
• Choose a preferred cipher suite
• Sends the Server Key Exchange (1 part of the pre-master secret)
• AND It adds a digitally signed server certificate (public key)

Then it sends the Server HELLO DONE

Question 5

After the client receives the Server Hello message with the Server Hello Done, what happens next?

Answer 5

The client sends a message back with:

• Client key exchange (1 part of the pre-master secret)
• Change Cipher Spec (i have all necessary information to begin encryption, next message will be encrypted)
• Finished message (summary of all the messages so far, encrypted with the newly created key)

The master secret is created using the server + client randoms along with the pre-master (independently) from each other

Question 6

After the Server receives the Change cipher spec - Finished message from client. What happens next?

Answer 6

Server responds with message:

Change Cipher Spec
Finished message (summary of all the messages so far, encrypted with the newly created key)

Question 7

How is the pre-master created?

Answer 7

Using the Server Key Exchange params AND the Client Key Exchange params

Question 8

How is the Master Secret created?

Answer 8

Client Random + Server Random + Pre-master = Master Secret

Question 9

What is sent in the Client Hello message? (3)

Answer 9

• TLS version
• A 28-byte random number (Client Random)
• A list of cipher suites.

Question 10

After receiving the client hello, what does the server do to prepare for the “Server Hello”? (6)

Answer 10

The server checks, and sends back the following things:

• Server side chooses the version of TLS
• Generates a server random
• Choose a preferred cipher suite
• Sends the Server Key Exchange (1 part of the pre-master secret)
• AND It adds a digitally signed server certificate (public key)

Then it sends the Server HELLO DONE

Question 11

After the client receives the Server Hello message with the Server Hello Done, what happens next? (3)

Answer 11

The client sends a message back with:

• Client key exchange (1 part of the pre-master secret)
• Change Cipher Spec (i have all necessary information to begin encryption, next message will be encrypted)
• Finished message (summary of all the messages so far, encrypted with the newly created key)

The master secret is created using the server + client randoms along with the pre-master (independently) from each other

Question 12

After the Server receives the Change cipher spec - Finished message from client. What happens next? (2)

Answer 12

Server responds with message:

Change Cipher Spec
Finished message (summary of all the messages so far, encrypted with the newly created key)