Protocols & Networking

TLS Handshake Explained Step-by-Step

#TLS #Networking #Encryption

The Transport Layer Security (TLS) protocol is the backbone of secure communication on the web. When you see that padlock icon in your browser, TLS is doing the heavy lifting. But how does it actually work?

The Goal of TLS

TLS aims to provide three things:

  1. Encryption: Hiding the data from eavesdroppers.
  2. Authentication: Verifying the identity of the parties (usually the server).
  3. Integrity: Ensuring the data hasn't been tampered with.

TLS 1.2 vs 1.3

TLS 1.3 (RFC 8446) is a major overhaul. It dropped weak and legacy mechanisms (RC4, static RSA key exchange, CBC-mode suites, MD5 and SHA-1 in handshake signatures, compression and renegotiation), made forward-secret ephemeral (EC)DHE key exchange mandatory, and cut the full handshake from two round-trips (2-RTT) to one (1-RTT). A resumed session can even send application data in the client's first flight (0-RTT), at the cost of replay protection for that early data.

The Handshake (TLS 1.3)

Let's break down the 1-RTT handshake.

1. Client Hello

The client starts the conversation. It sends:

  • Protocol Version: "I want to speak TLS 1.3". For middlebox compatibility the legacy_version field on the wire still says 1.2 (0x0303); the real offer lives in the supported_versions extension (0x0304).
  • Random: A 32-byte random number.
  • Cipher Suites: A list of algorithms it supports (e.g., TLS_AES_256_GCM_SHA384). In 1.3 a suite names only the AEAD cipher and the hash used by the key schedule; key exchange groups and signature algorithms are negotiated through separate extensions (supported_groups, signature_algorithms).
  • Key Share: An ephemeral public key for the (Elliptic-Curve) Diffie-Hellman key exchange. This is new in 1.3: the client guesses which group the server will accept (X25519 is the usual first choice) and sends the key immediately to save a round trip. If the guess is wrong, the server answers with a HelloRetryRequest naming a group it does support and the client tries again, costing one extra round trip.
  • Server Name Indication (SNI): The hostname it wants to reach, sent in the clear.

2. Server Hello

The server responds. Its first message, the Server Hello, is still in cleartext:

  • Selected Protocol: "Let's speak TLS 1.3" (again via supported_versions; legacy_version stays 0x0303).
  • Selected Cipher: "We will use AES-256-GCM" (exactly one suite from the client's list).
  • Random: Its own 32 random bytes.
  • Key Share: The server's ephemeral public key in the group the client guessed.

Both sides can now compute the shared secret and derive the handshake traffic keys, so the rest of the server's flight is already encrypted:

  • Encrypted Extensions: Settings that do not affect key establishment (e.g., ALPN).
  • Server Certificate: Proof of identity (the certificate chain).
  • Certificate Verify: A digital signature over the handshake transcript, made with the certificate's private key, proving the server actually holds it.
  • Finished: An HMAC over the entire handshake transcript so far, keyed with a secret derived from the handshake keys.

At this point the server can already send encrypted application data (so-called 0.5-RTT data) before it has heard back from the client.

3. Client Finished

The client derives the same shared secret from the server's key share and its own ephemeral private key, decrypts the rest of the server's flight, validates the certificate chain against its trust store and the expected hostname, checks the Certificate Verify signature, and checks the server's Finished MAC against its own copy of the transcript. Only then does it send its own Finished message, encrypted under the handshake keys. Both sides then switch to the application traffic keys.

Now the tunnel is fully established.
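To make steps 1 to 3 concrete, here is an added example (mine, not code from the original post or from any TLS library) that runs the key agreement and the Finished check end to end in Python: X25519 transcribed from RFC 7748 into pure Python (branchy, so not constant time; illustration only), the TLS 1.3 key schedule from RFC 8446 section 7.1 with SHA-256, and a Finished MAC computed by the server and verified by the client. The transcript bytes are constructed stand-ins for the real handshake messages, and the private keys are random unless you pass your own (the RFC 7748 test vectors work).

```python
import hashlib
import hmac
import os

# ---- X25519 (RFC 7748) transcribed into pure Python for illustration only ----
# The conditional swap below branches on secret bits, so it is NOT constant time.
P = 2 ** 255 - 19
A24 = 121665
BASEPOINT = b"\x09" + b"\x00" * 31


def _clamp(scalar):
    k = bytearray(scalar)
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def x25519(scalar, u_bytes):
    """Montgomery ladder: returns the 32-byte u-coordinate of scalar * point(u)."""
    k = _clamp(scalar)
    u = bytearray(u_bytes)
    u[31] &= 127                       # mask the unused top bit of the u-coordinate
    x1 = int.from_bytes(u, "little")
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")


# ---- TLS 1.3 key schedule (RFC 8446 section 7.1) with SHA-256 ----
def hkdf_extract(salt, ikm):
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand_label(secret, label, context, length):
    hkdf_label = b"tls13 " + label
    info = (length.to_bytes(2, "big") + bytes([len(hkdf_label)]) + hkdf_label
            + bytes([len(context)]) + context)
    out, block, counter = b"", b"", 1
    while len(out) < length:                      # HKDF-Expand (RFC 5869)
        block = hmac.new(secret, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def derive_secret(secret, label, transcript):
    return hkdf_expand_label(secret, label, hashlib.sha256(transcript).digest(), 32)


def handshake_traffic_secrets(shared_secret, transcript):
    """Early secret (no PSK) -> handshake secret -> client/server handshake traffic secrets."""
    early = hkdf_extract(b"\x00" * 32, b"\x00" * 32)
    handshake = hkdf_extract(derive_secret(early, b"derived", b""), shared_secret)
    return (derive_secret(handshake, b"c hs traffic", transcript),
            derive_secret(handshake, b"s hs traffic", transcript))


def finished_verify_data(base_key, transcript):
    """verify_data = HMAC(finished_key, Transcript-Hash(handshake so far))."""
    finished_key = hkdf_expand_label(base_key, b"finished", b"", 32)
    return hmac.new(finished_key, hashlib.sha256(transcript).digest(), hashlib.sha256).digest()


def verify_finished(base_key, transcript, verify_data):
    return hmac.compare_digest(finished_verify_data(base_key, transcript), verify_data)


def run_handshake(client_priv=None, server_priv=None):
    """Walk the 1-RTT key agreement; each side only ever sees the other's public share."""
    client_priv = client_priv or os.urandom(32)
    server_priv = server_priv or os.urandom(32)
    client_share = x25519(client_priv, BASEPOINT)          # goes out in ClientHello key_share
    server_share = x25519(server_priv, BASEPOINT)          # comes back in ServerHello key_share
    # Constructed stand-ins for the real ClientHello..ServerHello transcript bytes.
    hello_transcript = b"ClientHello|" + client_share + b"|ServerHello|" + server_share
    client_ss = x25519(client_priv, server_share)          # client: my priv * server's share
    server_ss = x25519(server_priv, client_share)          # server: my priv * client's share
    client_view = handshake_traffic_secrets(client_ss, hello_transcript)
    server_view = handshake_traffic_secrets(server_ss, hello_transcript)
    # Server Finished covers everything up to and including CertificateVerify (stand-in bytes).
    server_transcript = hello_transcript + b"|EncryptedExtensions|Certificate|CertificateVerify"
    server_finished = finished_verify_data(server_view[1], server_transcript)
    return {
        "shared_secret_matches": hmac.compare_digest(client_ss, server_ss),
        "traffic_secrets_match": client_view == server_view,
        "server_finished_ok": verify_finished(client_view[1], server_transcript, server_finished),
        "tampered_finished_ok": verify_finished(client_view[1], server_transcript + b"X", server_finished),
    }


if __name__ == "__main__":
    print(run_handshake())
```

Run it and the client reports that its shared secret and traffic secrets match the server's and that the server's Finished verifies; append a single byte to the transcript and the same verify_data fails, which is exactly how a modified handshake (a downgraded cipher suite, say) gets caught. In real code use a vetted X25519 implementation such as the one in the cryptography package rather than this ladder.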

Key Takeaway

TLS 1.3 is faster and more secure because it starts the key exchange in the very first message (Client Hello), betting on a widely supported key agreement group such as X25519, and because every key exchange is ephemeral, so a later compromise of the server's private key does not expose past sessions.

Wireshark Analysis

If you capture this in Wireshark, you'll see the Client Hello in cleartext, including the SNI hostname and the client's key share. The Server Hello is cleartext too, but everything the server sends after it (Encrypted Extensions, Certificate, Certificate Verify, Finished) is encrypted under the handshake keys, so you won't see the certificate details in plain text like you did in TLS 1.2; Wireshark shows those records as opaque "Application Data" unless you feed it the session keys (for example via a browser's SSLKEYLOGFILE). The hostname in the Client Hello is still exposed, which is what Encrypted Client Hello (ECH) is designed to fix next.
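Here is an added example (mine, not code from the original post) of the Client Hello described in step 1 as it appears on the wire, in Python: it builds a minimal TLS 1.3 ClientHello record and then parses it the way a passive observer such as Wireshark would. Field layouts follow RFC 8446; the hostname example.com, the fixed client random and the 32-byte dummy key share are constructed sample values, and the builder omits extensions a real browser adds (ALPN, psk_key_exchange_modes, padding, and so on).

```python
import os
import struct

# Wire constants from RFC 8446. legacy_version on the wire is still 0x0303 (TLS 1.2);
# TLS 1.3 is offered only through the supported_versions extension.
LEGACY_VERSION = b"\x03\x03"
TLS13 = b"\x03\x04"
X25519 = 0x001D
TLS_AES_128_GCM_SHA256 = 0x1301
TLS_AES_256_GCM_SHA384 = 0x1302
TLS_CHACHA20_POLY1305_SHA256 = 0x1303
EXT_SERVER_NAME, EXT_SUPPORTED_GROUPS, EXT_SIG_ALGS = 0x0000, 0x000A, 0x000D
EXT_SUPPORTED_VERSIONS, EXT_KEY_SHARE = 0x002B, 0x0033


def _vec(data, size):
    """TLS variable-length vector: a length prefix of `size` bytes, then the data."""
    return len(data).to_bytes(size, "big") + data


def _ext(ext_type, body):
    return struct.pack(">H", ext_type) + _vec(body, 2)


def build_client_hello(server_name, key_share_pub, client_random=None):
    """Build a minimal TLS 1.3 ClientHello record (record layer + handshake header + body)."""
    client_random = client_random or os.urandom(32)
    suites = b"".join(struct.pack(">H", s) for s in
                      (TLS_AES_128_GCM_SHA256, TLS_AES_256_GCM_SHA384, TLS_CHACHA20_POLY1305_SHA256))
    extensions = (
        _ext(EXT_SERVER_NAME, _vec(b"\x00" + _vec(server_name.encode(), 2), 2))   # host_name, cleartext
        + _ext(EXT_SUPPORTED_GROUPS, _vec(struct.pack(">H", X25519), 2))
        + _ext(EXT_SIG_ALGS, _vec(struct.pack(">HH", 0x0403, 0x0804), 2))        # ecdsa_secp256r1_sha256, rsa_pss_rsae_sha256
        + _ext(EXT_SUPPORTED_VERSIONS, _vec(TLS13, 1))
        + _ext(EXT_KEY_SHARE, _vec(struct.pack(">H", X25519) + _vec(key_share_pub, 2), 2))
    )
    body = (LEGACY_VERSION + client_random
            + _vec(b"", 1)              # legacy_session_id (empty here; browsers send 32 random bytes)
            + _vec(suites, 2)
            + _vec(b"\x00", 1)          # legacy_compression_methods: null only
            + _vec(extensions, 2))
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body   # HandshakeType client_hello = 1
    return b"\x16" + LEGACY_VERSION + _vec(handshake, 2)        # ContentType handshake = 22


def parse_client_hello(record):
    """Recover the fields an observer on the wire can read from a ClientHello record."""
    if record[0] != 0x16:
        raise ValueError("not a handshake record")
    rec_len = struct.unpack(">H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    out = {"legacy_version": body[0:2].hex(), "random": body[2:34].hex()}
    p = 34
    p += 1 + body[p]                                      # skip legacy_session_id
    cs_len = struct.unpack(">H", body[p:p + 2])[0]
    p += 2
    out["cipher_suites"] = [struct.unpack(">H", body[i:i + 2])[0] for i in range(p, p + cs_len, 2)]
    p += cs_len
    p += 1 + body[p]                                      # skip legacy_compression_methods
    ext_len = struct.unpack(">H", body[p:p + 2])[0]
    p += 2
    end = p + ext_len
    while p < end:
        etype, elen = struct.unpack(">HH", body[p:p + 4])
        p += 4
        edata = body[p:p + elen]
        p += elen
        if etype == EXT_SERVER_NAME:                      # list len(2), name_type(1), name len(2), name
            name_len = struct.unpack(">H", edata[3:5])[0]
            out["server_name"] = edata[5:5 + name_len].decode()
        elif etype == EXT_SUPPORTED_VERSIONS:             # list len(1), then 2-byte versions
            out["supported_versions"] = [edata[i:i + 2].hex() for i in range(1, 1 + edata[0], 2)]
        elif etype == EXT_KEY_SHARE:                      # list len(2), group(2), key len(2), key
            group, key_len = struct.unpack(">HH", edata[2:6])
            out["key_share"] = {"group": group, "public_key": edata[6:6 + key_len].hex()}
    return out


if __name__ == "__main__":
    # Constructed sample: a fixed "random" and a dummy 32-byte X25519 share stand in for real values.
    rec = build_client_hello("example.com", bytes(range(32)), client_random=b"\x11" * 32)
    for field, value in parse_client_hello(rec).items():
        print(f"{field:20} {value}")
```

Note what the parser recovers without any key material: the hostname, the offered cipher suites, the client's key share, and the fact that 1.3 is offered only inside supported_versions while legacy_version still reads 0x0303. That is precisely the metadata ECH is meant to hide; the server's certificate never appears here because it travels in the encrypted part of the server's flight.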