TLS Handshake Deep Dive – TLS v1.3
Published by Pearson
Understand the important changes, what didn't change, why, and take a deep dive into the TLS 1.3 handshake
- Detailed, practical breakdown of what changes and what stays the same in TLS 1.3 compared to TLS 1.2
- A message-by-message exploration of every step of the TLSv1.3 handshake
- Collaborative exploration of a TLS 1.3 handshake in Wireshark (both before and after decryption)
TLS 1.3 represents the latest evolution in the SSL/TLS protocol family. Despite its seemingly minor version increment from TLSv1.2, it introduces the most substantial changes to the protocol to date, surpassing even the transition from SSLv3 to TLSv1.0. The first half of this course is dedicated to guiding you through the most significant and relevant changes in TLS 1.3, illustrating what is different, why it matters, and what stays the same.
In the second half of the course, we take a deep dive into the most significant change: the new TLS handshake. We’ll step through every message exchanged between your web browser and a website within the initial milliseconds of a TLS 1.3 session. Following this, we’ll inspect a TLS 1.3 handshake in Wireshark to validate everything we’ve learned in the course. We’ll examine a packet capture both as it appears on the wire (encrypted), and then, after providing the keys to Wireshark, we’ll decrypt the TLS handshake.
What you’ll learn and how you can apply it
By the end of the live online course, you’ll understand:
- The major differences in TLS 1.3 compared to prior versions of TLS & SSL
- The content and purpose of every message sent between the Client & Server in a TLSv1.3 handshake
- Exactly if, when, where, and how to decrypt TLS 1.3 sessions
And you’ll be able to:
- Confidently talk through every message from every step of the TLSv1.3 handshake
- Inspect, Analyze, Understand, and Decrypt TLSv1.3 sessions in Wireshark
- Understand Cryptography from a grounded, practical perspective
This live event is for you because...
- You configure, inspect, or troubleshoot HTTPS or SSL VPNs
- You are involved with SSL Certificate procurement, management, or deployment
- You are looking for a grounded, thorough understanding of exactly what happens in the initial milliseconds of a TLS 1.3 connection
- You understand TLSv1.2 (and prior), and now want to understand TLS 1.3
Prerequisites
- Basic familiarity with Networking (IP addresses, DNS, browsing the Web, Wireshark)
- Basic familiarity with Cryptography (Encryption, Hashing, Asymmetric Crypto)
- A thorough understanding of TLS 1.2 (and prior)
Course Set-up
- Students will be given a PCAP file to open in Wireshark. Wireshark can be downloaded and installed from wireshark.org.
Recommended Preparation
- Attend: Networking Fundamentals by Ed Harmoush
- Attend: TLS Handshake Deep Dive – TLS v1.2 by Ed Harmoush
- Watch: CompTIA Network+ N10-008 by Ryan Lindfield
- Read: CompTIA Network+ N10-008 Cert Guide by Anthony J. Sequeira
Recommended Follow-up
- Watch: CompTIA Security+ SY0-701 by Sari Greene
- Attend: CompTIA Security+ SY0-701 Crash Course by Sari Greene
Schedule
The time frames are only estimates and may vary according to how the class is progressing.
Segment 1: TLS 1.3 Overview (10 minutes)
- A quick overview and introduction to the changes in TLS 1.3
- Identifying what stays the same in TLS 1.3
- TLS 1.3 favors simplicity and security over backwards compatibility
Segment 2: Changes to TLS 1.3 Related to Cipher Suites (20 minutes)
- What are Cipher Suites?
- Old protocols no longer supported
- Simpler Cipher Suites
- Fewer Cipher Suites
- All TLS 1.3 Ciphers are AEAD
- Forward Secrecy
- Removed Custom DH Groups
Segment 3: Changes to TLS 1.3 Related to the TLS Handshake (20 minutes)
- Comparison of the TLS 1.3 handshake with that of TLS 1.2
- Shorter handshake (one round trip)
- Most of the handshake is encrypted
- Client certificate is encrypted
- Many, many more session keys
Q&A (10 minutes)
Break (5 minutes)
Segment 4: Complications with TLS 1.3 (Middleboxes) (25 minutes)
- What are Middleboxes?
- How do Middleboxes complicate upgrades to TLS?
- Workarounds implemented in TLS 1.3 for middlebox compatibility
- Long Term solution: GREASE
Segment 5: Forward Secrecy (15 minutes)
- What is Forward Secrecy?
- RSA Key Exchanges
- Diffie-Hellman Key Exchanges
- Passive vs Active Decryption of TLS
Q&A (10 minutes)
Break (5 minutes)
Segment 6: Decrypting TLS 1.3 (20 minutes)
- Scenarios where TLS 1.3 can be decrypted
- Full Proxies
- End-to-end encryption
- Forward Proxy vs Reverse Proxy
- Certificates on Proxies
- Session Key Extraction
Segment 7: TLS 1.3 Handshake Deep Dive (30 minutes)
- Message-by-message walkthrough of every record sent between Client and Server
Q&A (10 minutes)
Segment 8: TLS 1.3 Handshake in Wireshark (40 minutes)
- Inspecting a real TLS 1.3 session packet capture in Wireshark
- Decrypting a TLS 1.3 session using Wireshark
- Inspecting and Decrypting TLS 1.3 using Wireshark
Q&A (10 minutes)
Course wrap-up and next steps (10 minutes)
Your Instructor
Ed Harmoush
Ed Harmoush is a Network Engineer who self-studied his way into the field. He has a knack for teaching in a practical, methodical way, maximizing the learning outcome and minimizing the cognitive load for his audience. He is a lifelong learner who is always pursuing a deeper understanding of the technology he works with—and while he humbly admits he doesn’t know everything, what he does know, he can teach to anyone.