← Back

SSL/TLS Handshake

Establishing a secure HTTPS connection

💻

Client

Browser

1. ClientHello

TLS Version: 1.3
Random: 32 bytes
Cipher Suites: TLS_AES_256_GCM_SHA384...
Extensions: SNI, ALPN, supported_groups

2. ServerHello

TLS Version: 1.3
Random: 32 bytes
Selected Cipher: TLS_AES_256_GCM_SHA384
Key Share: X25519 public key

3. Certificate

Server Certificate Chain
X.509 Certificate
Signed by: Let's Encrypt Authority X3
Valid: 90 days

4. CertificateVerify

Signature Algorithm: RSA-PSS-SHA256
Proof of private key ownership

5. Server Finished

HMAC of handshake transcript
Encrypted with handshake key

6. Client Finished

HMAC of handshake transcript
Confirms key derivation

7. Application Data

🔒 Encrypted HTTP Request
GET / HTTP/1.1
🖥️

Server

example.com

Waiting to start handshake...

TLS 1.3 Improvements

TLS 1.3 significantly improves upon older versions:

1-RTT Handshake: Connection established in one round trip (vs. 2 for TLS 1.2)

0-RTT Resumption: Send data immediately on reconnection

Removed weak ciphers: No more RC4, 3DES, or static RSA

Perfect Forward Secrecy: Required for all connections

Encrypted handshake: More metadata protected from observers