RFC 8446 · Lane D · Security · FREE

TLS handshake

The TLS 1.3 handshake is a cryptographic ceremony: ClientHello, ServerHello+Cert, KeyExchange, Finished. The animation shows the scan-line shroud building up progressively across each stage. By the Finished stage the wire is fully encrypted.

Animation

Engineering pitfalls

Certificate-chain trust failure

Your server's certificate chain must include intermediate CAs the client can validate. Forget the intermediate and clients see "unable to verify the first certificate". Test with `openssl s_client -showcerts`.

Cipher-suite negotiation downgrade attack

Allowing weak ciphers (RC4, 3DES) lets an attacker force a downgrade. TLS 1.3 dropped them entirely; if you still serve TLS 1.2, restrict to AEAD-only suites.

Session-resumption tickets leaking forward-secrecy

TLS session tickets bypass the full handshake, but if the ticket-encryption key is compromised, all past sessions can be decrypted. Rotate ticket keys aggressively (≤24h).
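
One way to apply the rotation advice above in a Go server, as an added example that is not from the original page: a two-key ring rotated every 12 hours, so no key can decrypt tickets for more than 24 hours. The TicketRing type and its Keep and Interval values are assumptions for illustration; SetSessionTicketKeys is the crypto/tls call that installs the keys.

```go
package main

import (
	"crypto/rand"
	"crypto/tls"
	"fmt"
	"time"
)

// TicketRing (hypothetical helper) holds session-ticket keys, newest first.
// Keys[0] encrypts new tickets; the rest only decrypt tickets issued earlier.
type TicketRing struct {
	Keys     [][32]byte
	Keep     int           // keys retained (assumed policy: 2)
	Interval time.Duration // time between rotations (assumed policy: 12h)
}

// MaxKeyLifetime is the longest any one key can still decrypt a ticket:
// it encrypts for one interval, then stays decrypt-only until evicted.
func (r *TicketRing) MaxKeyLifetime() time.Duration {
	return time.Duration(r.Keep) * r.Interval
}

// Rotate adds a fresh random key, evicts keys beyond Keep, and installs the
// ring on cfg. Tickets sealed under an evicted key no longer resume, and
// those clients fall back to a full handshake. Call from a single goroutine.
func (r *TicketRing) Rotate(cfg *tls.Config) error {
	var k [32]byte
	if _, err := rand.Read(k[:]); err != nil {
		return err
	}
	ring := append([][32]byte{k}, r.Keys...)
	if len(ring) > r.Keep {
		ring = ring[:r.Keep]
	}
	r.Keys = ring
	cfg.SetSessionTicketKeys(r.Keys) // also turns off Go's automatic rotation
	return nil
}

func main() {
	cfg := &tls.Config{MinVersion: tls.VersionTLS12}
	ring := &TicketRing{Keep: 2, Interval: 12 * time.Hour}
	for i := 0; i < 3; i++ { // a server would call Rotate from a time.Ticker
		if err := ring.Rotate(cfg); err != nil {
			panic(err)
		}
	}
	fmt.Println("keys held:", len(ring.Keys), "max lifetime:", ring.MaxKeyLifetime())
}
```

When several servers terminate TLS for the same host, they need the same ring, so the keys have to be generated once and distributed rather than created per process as here.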

References

Primary sources
  • RFC 8446 — The Transport Layer Security (TLS) Protocol Version 1.3.
  • RFC 8447 — IANA Registry Updates for TLS and DTLS.
  • CompTIA Security+ SY0-701 §4.1.