History of SSL/TLS Protocols

Questions and Answers

What is the primary purpose of the handshake phase in SSL?

• To negotiate the protocol version and cipher suite (correct)
• To establish a symmetric key for data transfer
• To authenticate the client using public-key cryptography
• To encrypt the application data

What is the main reason for the overhead in SSL compared to TCP?

• The overhead of the record header and payload
• The redundant version checking in the record header
• The use of symmetric key encryption in the data transfer phase
• The need for public-key encryption in the handshake phase (correct)

What is the purpose of the initialization vectors in the key material?

• To encrypt the message authentication codes (MACs)
• To decrypt the encrypted data
• To initialize the cipher block chaining (CBC) mode (correct)
• To provide a random seed for the symmetric key

What is the purpose of the session ID in SSL?

To index the session resumption cache (C)

What is the primary application of SSL/TLS in the given scenario?

Secure email communication using SMTP/SSL (C)

What is the main benefit of session resumption in SSL?

Reduced overhead due to fewer handshake messages (A)

What is the main purpose of the Handshake Protocol in SSL/TLS?

To establish a secure connection (B)

What is the primary function of the SSL/TLS Record Protocol?

To transfer application data (A)

What is the purpose of the random number in the Client Hello message?

To prevent replay attacks (A)

What is the result of combining the premaster secret and random values in SSL/TLS?

Master secret (A)

What is the purpose of the Certificate Revocation List (CRL) in SSL/TLS?

To ensure the certificate has not been revoked (A)

What is the primary function of the SSL/TLS Change Cipher Spec message?

To switch to newly negotiated algorithms and key material (C)

What is the purpose of the SSL/TLS Finished message?

To verify the integrity of the master secret (B)

What is the main difference between SSL 3.0 and TLS 1.0?

SSL 3.0 is not interoperable with TLS 1.0 (D)

What is the purpose of the Client Hello message in SSL/TLS?

To offer a list of supported cipher suites to the server (B)

What is the main purpose of the SSL/TLS protocol?

To establish a secure connection (D)

What is the primary goal of the TLS protocol?

To provide privacy and data integrity between two communicating applications (D)

What is the OSI model layer that is responsible for providing logical addressing and routing?

Network layer (D)

What is the original protocol that SSL/TLS is based on?

Secure Sockets Layers protocol, ver 3.0 (C)

What is the purpose of the Certification Authority (CA) in a Public Key Infrastructure (PKI)?

To issue digital certificates to clients (D)

What is the layer of the OSI model that is responsible for providing error-free transfer of data between devices?

Transport layer (D)

What is the first version of the SSL protocol?

SSL 1.0 (D)