What Is TLS?

Transport Layer Security (TLS) is the cryptographic protocol that underpins HTTPS — the secure version of the web. When you see the padlock icon in your browser's address bar, TLS is working behind the scenes to ensure three things:

  • Confidentiality: Your data is encrypted and unreadable to eavesdroppers.
  • Integrity: Data cannot be altered in transit without detection.
  • Authentication: You're actually talking to the server you think you are.

The mechanism by which TLS establishes these guarantees is called the TLS handshake. It happens automatically, typically in under 100 milliseconds, every time you connect to an HTTPS website.

TLS 1.3 vs. TLS 1.2

The current standard is TLS 1.3 (RFC 8446), which streamlines and improves upon TLS 1.2. TLS 1.3 reduces the handshake to fewer round trips, removes legacy insecure cipher suites, and mandates forward secrecy by default. This guide focuses primarily on TLS 1.3.

The TLS 1.3 Handshake: Step by Step

Step 1: ClientHello

The client (your browser) initiates the handshake by sending a ClientHello message to the server. This message includes:

  • Supported TLS versions
  • A list of supported cipher suites (e.g., AES-256-GCM with SHA-384)
  • A randomly generated client nonce
  • Key shares for supported key exchange algorithms (e.g., X25519 Diffie-Hellman parameters)

Step 2: ServerHello

The server responds with a ServerHello message, selecting:

  • The TLS version to use
  • The chosen cipher suite
  • A server nonce
  • Its own key share for the key exchange

At this point, both sides have enough information to derive the session keys using the Diffie-Hellman key exchange — the actual shared secret is never transmitted over the wire.

Step 3: Server Certificate & Finished

The server sends its digital certificate (issued by a trusted Certificate Authority) along with a digital signature over the handshake messages. This proves the server's identity. The server then sends a Finished message — the first encrypted message, authenticated with the derived session keys.

Step 4: Client Finished

The client verifies the server's certificate against its trusted CA store. If validation passes, the client sends its own Finished message. The handshake is complete. All subsequent communication is encrypted with the negotiated symmetric session keys.

Key Cryptographic Concepts in the Handshake

Ephemeral Diffie-Hellman Key Exchange

TLS 1.3 exclusively uses ephemeral (temporary) Diffie-Hellman key pairs. This means a new key pair is generated for every session, providing Perfect Forward Secrecy (PFS). Even if the server's long-term private key is compromised later, past sessions cannot be decrypted.

Certificate Authorities (CAs)

Trust in TLS relies on a hierarchy of Certificate Authorities — organizations whose root certificates are pre-installed in your operating system and browser. When a server presents a certificate, your browser traces a chain of signatures back to one of these trusted roots.

Cipher Suites

A cipher suite specifies the algorithms used for each part of the connection. In TLS 1.3, all approved cipher suites provide authenticated encryption. Examples include:

  • TLS_AES_128_GCM_SHA256
  • TLS_AES_256_GCM_SHA384
  • TLS_CHACHA20_POLY1305_SHA256

What TLS Doesn't Protect

It's important to understand TLS's limits. TLS secures data in transit between your browser and the server — it does not protect data once it's stored on the server, nor does it prevent the server itself from misusing your data. It also doesn't protect against DNS leaks or malicious content served by a legitimately certified server. TLS is a critical layer of security, but it's one layer of many in a comprehensive security strategy.