Networking & Protocols
TLS 1.3: free-recall review
Retrieval beats re-reading. For each prompt, say or write a full answer from memory before you open the model answer — the effort of recall is what makes the mechanism stick.
Reconstruct the unit’s core mechanisms — the 1-RTT handshake, forward secrecy, the transcript hash, 0-RTT replay defenses, the HKDF key schedule, and SNI privacy — without looking back at the lessons.
- 01. Walk the TLS 1.3 cold handshake from ClientHello to first encrypted byte, and explain why it costs exactly one RTT.
- 02. Why does embedding an ephemeral ECDHE key_share in ClientHello give Perfect Forward Secrecy automatically?
- 03. What is the transcript hash and how does it make the handshake tamper-evident, including downgrade attempts?
- 04. PSK resumption and 0-RTT both reuse a cached secret. What is the security difference between them?
- 05. List the three orthogonal 0-RTT replay defenses production deployments layer together, and what each catches.
- 06. Why does TLS 1.3 run the ECDHE secret through an HKDF key schedule with domain-separated labels instead of using it directly, and why does SNI still need ECH?
If you could reconstruct each answer from memory, you hold the unit’s spine: the ECDHE key_share in ClientHello buys 1-RTT and PFS together; the transcript hash makes every negotiated parameter tamper-evident; PSK resumption trades fresh authentication for speed while staying replay-safe, but 0-RTT trades a round-trip for replay exposure that three layered defenses must contain; the HKDF key schedule isolates every key branch; and SNI still leaks the hostname until ECH encrypts it.