TLS 1.3 Lab Shows What Network Observers Can See Before Encryption Begins
A hands-on Protocol Lab tutorial examines exactly which parts of a TLS 1.3 handshake remain visible to an on-path observer before encryption takes effect. Using OpenSSL tools inside a two-node container lab, participants capture a live TLS handshake and inspect its cleartext components. The ClientHello message — which carries the Server Name Indication (SNI) and Application-Layer Protocol Negotiation (ALPN) offer — is transmitted in plaintext and fully readable on the wire. The ServerHello, which confirms the chosen cipher suite and key share, is also unencrypted, but the server certificate is protected, unlike in TLS 1.2. The lab references RFC 8446 and related standards, and is designed to take between 55 and 70 minutes to complete.
This is an AI-generated summary. ShortSingh links to the original source for the complete article.
Discussion (0)
Log in to join the discussion and vote.
Log in