A security manager reports handshake failures on a web server using newer ciphers. Analysis shows ephemeral session keys are not exchanged when some clients connect. Which measure best addresses these failures?
Enable ephemeral key exchange suites on the server
Use older algorithms to improve handshake compatibility
Disable session renegotiation across all cipher suites
Replace short certificate validity periods with longer ones
Enabling support for ephemeral key exchange suites ensures that session keys are negotiated for each connection, which promotes handshake reliability and data protection. Relying on older algorithms or disabling certain features can weaken overall security and may not resolve the negotiation issues. Extending certificate validity periods does not affect short-lived session key exchanges and does not mitigate handshake errors.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
What is an ephemeral key exchange?
Open an interactive chat with Bash
What is forward secrecy and why is it important?
Open an interactive chat with Bash
How do ephemeral key exchange suites differ from older algorithms?