Week 14
What is the value of the content type? Server Hello
22
How many cipher suites are supported?
1
What are the lengths of the fields found under the TLS record layer in bytes?
1, 2, 2
There are three fields under the TLS record. What is their length in bytes?
1, 2, 2 Bytes
What is the value of the content type?
13
What is a nonce used for?
A nonce is an arbitrary number used to increase security for cryptographic communications and prevent replay attacks.
What is the purpose of a session ID?
An arbitrary byte sequence chosen by the server to identify an active or resumable session state.
Is this symmetric or asymmetric key exchange?
Asymmetric
Why are there less cipher suites available than the Client Hello message?
Because the server has chosen a cipher from the available list sent from the client.
Why is the server public key being used?
Communication with the server should use the server public key because only the servers private key can unlock the message.
There are three fields under the TLS record. What are they?
Content Type; Version; Length
We will examine the contents of the server hello message What are the fields under the record layer?
Content Type; Version; Length
Next, we will examine the client key exchange. Under the handshake protocol what type of cryptography is being used?
Elliptic Curve Diffie-Hellman
What does Content Type 22 mean?
Handshake
What does the value mean under content type?
Handshake
Which key is being used?
Server Public Key
What are five ciphers that are supported?
TLS_AES_128_GCM_SHA256 (0x1301) TLS_CHACHA20_POLY1305_SHA256 (0x1303) TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) TLS_AES_256_GCM_SHA384 (0x1302)
Why are there so many supported ciphers listed?
The client provides a large list of available ciphers in order of preference to increase compatibility with the many servers the client comes across.
The handshake protocol is encrypted.
True
The packet contains a nonce.
True
Select the first "Client Hello" record in your trace. When you expand the Secure Sockets Layer what version of TLS do you see? Is this the latest version of TLS?
Version 1.0; No 1.3 is the latest version
Does the packet contain a session ID? If so, what is it?
Yes; 6795c45e45d44187e54db52cc0644aef6c27c29b8a214fbfaf958d5ffd73f2bc