What TLS Does

When you visit an HTTPS site, three things happen behind the scenes:

Authentication: the server proves it's who it claims to be (mybank.com is actually mybank.com).
Encryption: all traffic is encrypted so eavesdroppers see only ciphertext.
Integrity: tampering with traffic is detected.

This is TLS (Transport Layer Security). The older name is SSL, but TLS is what's actually in use. The two names are often written together as TLS/SSL.

The Two Big Versions

TLS 1.2: released 2008. Still common but being phased out.
TLS 1.3: released 2018. Faster, simpler, more secure. The current standard.

The handshake differs significantly between them. We'll cover both.

The TLS 1.2 Handshake (Two Round Trips)

Step by step:

1. Client Hello. The client says: "Hi, here are the TLS versions and cipher suites I support, and a random number."
2. Server Hello. The server says: "Let's use TLS 1.2 and cipher X. Here's my random number too."
3. Server Certificate. The server sends its TLS certificate, which contains its public key and is signed by a Certificate Authority (CA).
4. Server Key Exchange (sometimes). Depending on the cipher, the server sends additional key parameters.
5. Server Hello Done. "I'm done with my opening."
6. Client Verifies. Client verifies the certificate is valid: signed by a trusted CA, not expired, matches the domain.
7. Client Key Exchange. Client generates a random "premaster secret," encrypts it with the server's public key, sends it.
8. Both derive session keys. Using the random numbers + premaster secret, both compute a symmetric session key (same on both sides).
9. Finished messages. Client and server each send a "Finished" message encrypted with the session key, confirming that everything's working.
10. Application data flows. Encrypted with the symmetric session key.

Total: 2 round trips before any HTTP request goes through. ~100ms latency overhead in addition to the TCP handshake.

The TLS 1.3 Handshake (One Round Trip)

TLS 1.3 streamlines this dramatically:

1. Client Hello. Client guesses the cipher and includes its key share for that cipher in the first message.
2. Server Hello. If the guess was right, server sends its key share back along with certificate and Finished message, all in one trip.
3. Client Finished. Client confirms.
4. Application data flows.

1 round trip total. Half the latency of 1.2.

Plus 1.3 supports 0-RTT (zero round-trip time) for resumed connections: if the client has talked to this server before, it can include actual data in the very first message. The server can respond with both the handshake completion AND the application response.

Certificates and the Trust Chain

The server's certificate is the heart of authentication. It says: "I am mybank.com and my public key is X." It's signed by a Certificate Authority (CA) that the client trusts.

The trust chain:

The browser ships with a list of trusted root CAs (operating systems and browsers maintain these).
Root CAs sign intermediate CAs.
Intermediate CAs sign individual server certificates.
When the server presents its certificate, the chain back to a trusted root must validate.

Modern certificates are typically issued by Let's Encrypt (free) or commercial CAs.

Cipher Suites

A cipher suite specifies the algorithms used:

Key exchange (how do we agree on a session key?): ECDHE, DH.
Authentication (how does the server prove identity?): RSA, ECDSA.
Bulk encryption (encrypts the actual data): AES-256-GCM, ChaCha20.
MAC (integrity check): HMAC-SHA256, GCM-built-in.

TLS 1.3 simplified this: it drops weak options and mandates AEAD ciphers (GCM, ChaCha20-Poly1305), which combine encryption and integrity.

Why Symmetric After Asymmetric?

The handshake uses asymmetric crypto (RSA, ECDHE) to establish a shared secret. After that, everything switches to symmetric crypto (AES) for the actual data.

Why? Asymmetric is slow, designed for key exchange. Symmetric is fast, designed for bulk encryption. Use each where it shines.

Common Issues

Certificate expiration: certs expire (typically 90 days for Let's Encrypt). Forgot to renew? Site goes down. Use auto-renewal.
SNI (Server Name Indication): when many sites share an IP, SNI lets the client say which site it wants. Required for hosting multiple HTTPS sites on one IP.
Mixed content: an HTTPS page loading HTTP resources. Browsers block this.
HSTS (HTTP Strict Transport Security): a header that tells browsers to always use HTTPS for this domain. Prevents downgrade attacks.
Certificate transparency: all valid certificates are logged publicly so misissued certs can be detected.

The One Thing to Remember

TLS is the layer that makes the modern web safe. The handshake establishes identity (via certificates) and a shared secret (via asymmetric crypto), then switches to fast symmetric encryption for the actual data. TLS 1.3 cut the round trips and complexity. You probably don't need to implement TLS yourself; just configure it correctly: modern versions, strong ciphers, valid certificates, HSTS enabled.