TLS secures communications by negotiating encryption parameters during a handshake. TLS 1.3 simplified the handshake to 1 round-trip, removed weak algorithms, and mandated Perfect Forward Secrecy.
TLS is everywhere — HTTPS, secure email, VPNs, API calls. The CISSP exam tests your understanding of how the handshake establishes trust, what a cipher suite contains, why TLS 1.0/1.1 are deprecated, and what Perfect Forward Secrecy means.
1. ClientHello: Client sends supported TLS versions, cipher suites, and a random nonce. 2. ServerHello + Certificate: Server selects cipher suite, sends its certificate. 3. Key Exchange: Both sides use ECDHE to derive the pre-master secret and compute the Master Secret. 4. Finished: Both sides send a Finished message encrypted with the new session keys.
1-RTT Handshake: Client sends key share in ClientHello — server can respond immediately.
Removed Weak Algorithms: RSA key exchange, DH static, RC4, MD5, SHA-1, 3DES all removed.
Mandatory PFS: Only ECDHE and DHE key exchange allowed.
A cipher suite defines four algorithms: Key Exchange + Authentication + Encryption + Hash.
Example: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 - Key Exchange: ECDHE (provides PFS) - Authentication: RSA - Encryption: AES_256_GCM (AEAD) - Hash: SHA384
With RSA key exchange: if the server's private key is compromised, an attacker can decrypt all past sessions.
With ECDHE (Ephemeral): a new key pair is generated for every session. Compromise of the long-term private key does NOT allow decryption of past sessions.
TLS version evolution
| Version | Handshake RT | Key Exchange | PFS | Status |
|---|---|---|---|---|
| SSL 3.0 | 2-RTT | RSA/DH | No | Broken (POODLE) |
| TLS 1.0 | 2-RTT | RSA/DH/DHE | Optional | Deprecated |
| TLS 1.1 | 2-RTT | RSA/DH/DHE | Optional | Deprecated |
| TLS 1.2 | 2-RTT | RSA/ECDHE/DHE | Optional | Acceptable |
| TLS 1.3 | 1-RTT | ECDHE/DHE only | Mandatory | Current standard |