Reference LibraryTLS Handshake & Cipher Suites
CryptographyDomain 3: Security Architecture & Engineering

TLS Handshake & Cipher Suites

Exam Relevance:

TLS secures communications by negotiating encryption parameters during a handshake. TLS 1.3 simplified the handshake to 1 round-trip, removed weak algorithms, and mandated Perfect Forward Secrecy.

Why It Matters for CISSP

TLS is everywhere — HTTPS, secure email, VPNs, API calls. The CISSP exam tests your understanding of how the handshake establishes trust, what a cipher suite contains, why TLS 1.0/1.1 are deprecated, and what Perfect Forward Secrecy means.

TLS 1.2 Handshake (4 Steps)

1. ClientHello: Client sends supported TLS versions, cipher suites, and a random nonce. 2. ServerHello + Certificate: Server selects cipher suite, sends its certificate. 3. Key Exchange: Both sides use ECDHE to derive the pre-master secret and compute the Master Secret. 4. Finished: Both sides send a Finished message encrypted with the new session keys.

TLS 1.3 Improvements

1-RTT Handshake: Client sends key share in ClientHello — server can respond immediately.

Removed Weak Algorithms: RSA key exchange, DH static, RC4, MD5, SHA-1, 3DES all removed.

Mandatory PFS: Only ECDHE and DHE key exchange allowed.

Cipher Suite Anatomy

A cipher suite defines four algorithms: Key Exchange + Authentication + Encryption + Hash.

Example: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - Key Exchange: ECDHE (provides PFS) - Authentication: RSA - Encryption: AES_256_GCM (AEAD) - Hash: SHA384

Perfect Forward Secrecy (PFS)

With RSA key exchange: if the server's private key is compromised, an attacker can decrypt all past sessions.

With ECDHE (Ephemeral): a new key pair is generated for every session. Compromise of the long-term private key does NOT allow decryption of past sessions.

TLS version evolution

VersionHandshake RTKey ExchangePFSStatus
SSL 3.02-RTTRSA/DHNoBroken (POODLE)
TLS 1.02-RTTRSA/DH/DHEOptionalDeprecated
TLS 1.12-RTTRSA/DH/DHEOptionalDeprecated
TLS 1.22-RTTRSA/ECDHE/DHEOptionalAcceptable
TLS 1.31-RTTECDHE/DHE onlyMandatoryCurrent standard

Related Concepts

PkiOsi ModelZero Trust