TLS Handshake
The process of establishing a secure connection between client and server
The TLS Handshake is a series of messages exchanged between a client (typically a web browser) and a server to establish a secure, encrypted connection. The handshake serves multiple purposes: authenticating the server (and optionally the client), negotiating the encryption algorithms and protocol version to be used, and establishing the session keys for symmetric encryption. The process begins when the client sends a 'Client Hello' message specifying supported TLS versions, cipher suites, and extensions.
The server responds with a 'Server Hello' selecting the protocol version and cipher suite, followed by its certificate chain for authentication. The client verifies the certificate chain and generates a pre-master secret, which it encrypts with the server's public key and sends to the server. Both parties then derive the same session keys from this pre-master secret and other handshake data.
Finally, both send 'Finished' messages encrypted with the new session keys to confirm the handshake completed successfully. Modern TLS 1.3 has streamlined this process to reduce round trips and improve performance while maintaining security.
Where You'll See This Term
This term commonly appears in:
- SSL certificate details pages
- Certificate Authority validation processes
- SSL configuration documentation
- Security audit reports
- Certificate management interfaces