A security manager reports handshake failures on a web server using newer ciphers. Analysis shows ephemeral session keys are not exchanged when some clients connect. Which measure best addresses these failures?
Use older algorithms to improve handshake compatibility
Enable ephemeral key exchange suites on the server
Replace short certificate validity periods with longer ones
Disable session renegotiation across all cipher suites
Enabling support for ephemeral key exchange suites ensures that session keys are negotiated for each connection, which promotes handshake reliability and data protection. Relying on older algorithms or disabling certain features can weaken overall security and may not resolve the negotiation issues. Extending certificate validity periods does not affect short-lived session key exchanges and does not mitigate handshake errors.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What are ephemeral key exchange suites?
Open an interactive chat with Bash
What is forward secrecy, and why is it important?
Open an interactive chat with Bash
Why is replacing short certificate validity periods not a solution for handshake failures?