Week 11: TLS

Question 1

What are the phases of a TLS handshake?

Answer 1

1. Security Capabilities
2. Authentication and Public-key Exchange
3. Key Exchange/Derivation
4. Finished

Question 2

What messages are sent in TLS Phase 1: Security Capabilities?

Answer 2

Client sends: Client_Hello

• includes list of ciphersuites supported
• session ID

Server sends: Server_Hello

• selects ciphersuite
• session ID

Question 3

What messages are sent in TLS Phase 2: Authentication and Public-key exchange?

Answer 3

Server sends: certificate
- certifying public key is indeed from server

Server sends: server_key_exchange (optional)
- server’s public key

Server sends: certificate_request (optional)
- if server needs to verify client

Server sends:
server_hello_done (optional)
- messages are done

Question 4

How many messages does client send during TLS Phase 2: Authentication and Public-key Exchange?

Answer 4

0

Question 5

What messages are sent in TLS Phase 3: Key Exchange/Derivation?

Answer 5

Client sends: certificate (optional)
- if requested by server

Client sends: client_key_exchange
- client’s pre-master-secret

Client sends: certificate verify (optional)
- if certificate is verified

Question 6

How many messages does client send during TLS Phase 3: Key Exchange/Derivation?

Answer 6

1-3

Question 7

What messages are sent in TLS Phase 4: Finished?

Answer 7

Client sends: change_cipher_spec
- says let’s use master symmetric key

Client sends: finished

Server sends same messages back