Member-only story
Deep Dive Into TLS Handshake
TLS 1.2 Handshake process explained step by step
I wrote an article on how to resolve SSL certificate errors a while ago. The article briefly discussed the TLS handshake. There are a lot more details left uncovered.
Surprisingly, the article became the most viewed among my Medium posts since I started writing technical blogs. I guess readers are interested because the article explains SSL concepts in plain English, which motivated me to write this article.
Let’s dive deep into the TLS handshake process.
Jump ahead:
- Overview
- Step 1: Client Hello
- Step 2: Server Hello
- Step 3: Client Key Exchange
- Step 4: Server Change Cipher Spec
- Conclusion
What is a TLS handshake?
TLS handshake establishes a secure connection between a client and a server. When you visit a website via HTTPS, a TLS handshake happens between your browser and the web server so your browser can communicate with the web server via a secure connection.
The main purpose of TLS handshake is
- Negotiates Cipher suites and TLS version
- Authenticating both server and client
- Exchange keys
There are two common versions of TLS handshakes: TLS 1.2 and TLS 1.3. TLS 1.3 was published in 2018 by IETF as RFC 8446. It is an improved version of TLS 1.2.
In this article, we discuss TLS 1.2 only. If you understand the TLS 1.2 handshake process, TLS 1.3 will be easy as it is a short version.
Overview
The handshake process involves several messages exchanged between the client and server. They can be grouped into four main steps.
- Client Hello
- Server Hello
- Client Key Exchange and Change Cipher Spec
- Server Change Cipher Spec
The screenshot below shows the handshake process captured by Wireshark.
