LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What's the purpose of the TLS Client Hello and Server Hello messages, and what does each negotiate?

Client Hello = "here's everything I support, you pick." Server Hello = "I picked X, here's my random number, here comes my certificate." This negotiates the cipher suite and starts the handshake.

ClientHello → certificate → key exchange → ChangeCipherSpec/Finished → encrypted data.

* The TLS handshake: hellos negotiate the cipher, then cert, keys and encryption. *

Client Hello sends:

Field Purpose
TLS version Highest version client supports (e.g., TLS 1.3)
Random (32 bytes) Used in key derivation (prevents replay)
Session ID If resuming a previous session
Cipher Suites List of supported algorithm combinations
Compression methods Usually null (CRIME attack killed compression)
Extensions SNI (which hostname), ALPN (HTTP version), supported curves, signature algorithms…

Server Hello sends:

Field Purpose
TLS version The version both will use (lowest mutually supported)
Random (32 bytes) Server's random for key derivation
Session ID For session resumption
Chosen cipher suite Server's pick from client's list
Extensions Server's responses (e.g., chosen ALPN)

What "cipher suite" means:

A bundle of algorithms for: key exchange, authentication, bulk encryption, MAC. Example:

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    └─key exch─┘    └─encryption─┘ └─hash─┘
              └auth┘

Means: ECDHE for key exchange, RSA for server auth, AES-128-GCM for encryption, SHA-256 as the hash used in key derivation / handshake integrity. (Note: with a GCM cipher, message integrity comes from GCM itself — it's an AEAD mode — so SHA-256 here is the PRF/handshake hash, not a separate per-record MAC. In older CBC suites the trailing hash was the per-record HMAC.)

The two random numbers:

Client random + Server random + the negotiated pre-master secret → derive the session keys via a Key Derivation Function (KDF). Both sides generate the same keys independently — the keys never travel over the wire.

SNI (Server Name Indication):

Client tells the server which hostname it wants — essential for hosting many HTTPS sites on one IP. Privacy concern: SNI is sent in plaintext! ESNI/ECH (Encrypted ClientHello) addresses this.

Tip: In Wireshark, tls.handshake.type == 1 shows Client Hellos, tls.handshake.type == 2 shows Server Hellos. Inspect the cipher suite list — outdated clients/servers reveal themselves by what they support.

Go deeper:

From Quiz: INTROL / Protocol Analysis | Updated: Jul 14, 2026