LOGBOOK

HELP

Quiz Entry - updated: 2026.05.31

What happens during the TLS handshake (TLS 1.2 view), in four phases?

Phase A: negotiate security parameters. Phase B: server authentication + key exchange. Phase C: optional client authentication + key exchange completion. Phase D: switch on the cipher suite and finish.

Phase A — Parameter negotiation:

Client → Server: ClientHello
   { random, session ID, supported cipher suites, supported compression }
Server → Client: ServerHello
   { random, session ID, chosen cipher suite }

Phase B — Server authentication & key exchange:

Server → Client: Certificate           (server's X.509 chain)
Server → Client: ServerKeyExchange     (e.g. DH public param, signed)
Server → Client: CertificateRequest    (optional, only for mTLS)
Server → Client: ServerHelloDone

Phase C — Client key exchange (and optional client cert):

Client → Server: Certificate           (only if requested, mTLS)
Client → Server: ClientKeyExchange     (RSA-encrypted pre-master OR client's DH public)
Client → Server: CertificateVerify     (only if client cert sent)

Both sides now derive the master secret from the pre-master + the two random nonces.

Phase D — Finalisation:

Client → Server: ChangeCipherSpec     (now using the new keys)
Client → Server: Finished              (encrypted MAC of all prior messages)
Server → Client: ChangeCipherSpec
Server → Client: Finished

The Finished messages are integrity-protected MACs over the entire handshake transcript — defeats downgrade attacks.

TLS 1.3 changes: combined Phases A+B into one round trip, removed RSA key exchange entirely (mandatory DHE/ECDHE for Perfect Forward Secrecy), removed CCS messages, removed weak cipher suites. Result: 1-RTT handshake (vs 2-RTT in 1.2), and resumed sessions are 0-RTT.

Tip: Use openssl s_client -connect host:443 -msg to see all handshake messages in hex. It's the most concrete way to understand what's actually happening.

From Quiz: ISF / Asymmetric Cryptography | Updated: May 31, 2026