TLS Handshake Deep Dive – TLS v1.2
Published by Pearson
Everything that happens between you and your browser when visiting an HTTPS website
You’ve been told your whole Internet life that if you see “HTTPS" and a padlock, that means the web session is “secure.” But what does that really mean? What exactly does “secure" entail, and how is that security attained?
This live course answers these questions by demystifying the SSL/TLS protocol through an exploration of each step of the TLS Handshake. We show you exactly what happens between your web browser and the website in the initial milliseconds of every visit to attain that coveted padlock. All of this will be done with an emphasis on a practical understanding of the handshake, demonstrated by examining real live packet captures of a TLS handshake.
What you’ll learn and how you can apply it
By the end of the live online course, you’ll understand:
- The content and purpose of every message sent between the Client & Server in a TLSv1.2 Handshake
- How various cryptographic functions come together to provide security
- A practical foundation for troubleshooting TLS and TLS sessions
- The key (or keys) you would need to decrypt a TLS session
And you’ll be able to:
- Confidently talk through every message from every step of the TLS handshake
- Inspect, analyze, and decrypt TLS sessions in Wireshark
- Understand Cryptography from a grounded, practical perspective
This live event is for you because...
- You are someone who configures, inspects, or troubleshoots HTTPS or SSL VPNs
- You are someone who is involved with SSL Certificate procurement, management, or deployment
- You are someone who is looking for a grounded, thorough understanding of exactly what happens in the initial milliseconds of a secure connection
Prerequisites
- Basic familiarity with Networking (IP addresses, DNS, browsing the Web, Wireshark)
- Basic familiarity with Cryptography (Encryption, Hashing, Asymmetric Crypto) – although the core concepts will be reviewed in the beginning of class
Course Set-up
- Download Wireshark from wireshark.org
- Students will be given a PCAP file to open in Wireshark.
Recommended Preparation
- Attend: Networking Fundamentals by Ed Harmoush
- Watch: CompTIA Network+ N10-008 by Ryan Lindfield
- Read: CompTIA Network+ N10-008 Cert Guide by Anthony J. Sequeira
Recommended Follow-up
- Watch: CompTIA Security+ SY0-701 by Sari Greene
- Attend: CompTIA Security+ SY0-701 Crash Course by Sari Greene
- Attend: TLS Handshake Deep Dive – TLS v1.3 by Ed Harmoush
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Segment 1: Core Cryptography (30 minutes)
- A quick review of the core cryptographic concepts needed to understand the TLS handshake
- Symmetric Cryptography: Encryption, Hashing, MAC / HMAC, PRF
- Asymmetric Cryptography: Key Exchanges, Signatures
Q&A (10 minutes)
Segment 2: SSL Certificates & Certificate Authorities (20 minutes)
- What is an SSL Certificate?
- Who is a Certificate Authority?
- What are Certificate Chains?
Q&A (10 minutes)
Segment 3: Before the Handshake (20 minutes)
- What is the Client and the Server?
- What do each of these need/have before the Handshake occurs?
Q&A (10 minutes)
Segment 4: The First Two Messages: Client Hello and Server Hello (30 minutes)
- Everything sent in the Client Hello and its purpose
- Everything sent in the Server Hello and its purpose
- What both the Client and Server know/have after this exchange
Break (15 minutes)
Segment 5: The Rest of the Handshake (30 minutes)
- Server Certificate
- Server Key Exchange
- Server Hello Done
- Client Key Exchange
- Change Cipher Spec
- Client Finished
- Server Finished
Q&A (15 minutes)
Segment 6: Decrypting TLS Session in Wireshark (30 minutes)
- Inspecting a real TLS session packet capture in Wireshark
- Decrypting a TLS session using Wireshark
- Exercise: Providing Wireshark the keys necessary to Decrypt a TLS Session
Q&A (10 minutes)
Course wrap-up and next steps (10 minutes)
Your Instructor
Ed Harmoush
Ed Harmoush is a Network Engineer who self-studied his way into the field. He has a knack for teaching in a practical, methodical way, maximizing the learning outcome and minimizing the cognitive load for his audience. He is a lifelong learner who is always pursuing a deeper understanding of the technology he works with—and while he humbly admits he doesn’t know everything, what he does know, he can teach to anyone.