TLS Protocol Security Questions
Deep understanding of transport layer security protocols and their secure deployment. Topics include TLS handshake mechanics, cipher suite negotiation, certificate validation and management, session resumption and key exchange algorithms, forward secrecy, common vulnerabilities and mitigations such as downgrade and padding oracle attacks, practical configuration for servers and clients, certificate revocation and lifecycle management, and compatibility considerations across protocol versions.
Medium · Technical
Write a Python script (using the 'ssl' and 'cryptography' libraries) that accepts a list of host:port entries, connects to each server, retrieves the leaf certificate, verifies its expiration date and that the certificate chain is present, and emits a JSON report listing hosts with certificates expiring within 30 days or missing intermediates. Describe error handling for unreachable hosts and invalid certs.
Easy · Technical
List common tools and basic commands an SRE would use to validate a server's TLS configuration and troubleshoot issues (e.g., openssl s_client, s_server, curl with --capath, sslyze, testssl.sh, Wireshark/tcpdump). Show an example command to test SNI and TLS 1.2 support.
Medium · System Design
You are tasked with disabling TLS 1.0 and TLS 1.1 across a global fleet without causing major outages. Describe a safe rollout plan: discovery of clients and endpoints using old protocols, canarying, telemetry to watch for failures, rollback criteria, communication plan for downstream teams and customers, and special considerations for embedded or legacy clients.
Hard · Technical
You must roll out TLS 1.3 across a product with millions of users where older clients exist. Provide a rollout plan covering: staged canaries, telemetry to detect client failures, GREASE usage to avoid ossification, fallback strategies, and how to handle debugging when a client fails to negotiate TLS 1.3 properly.
Easy · Technical
Describe mutual TLS (mTLS): what changes in the TLS handshake, how client certificates are validated, and typical production use-cases (service-to-service auth, zero-trust). What operational challenges should an SRE expect when rolling out mTLS across many microservices?