TLS Handshake
Transport Layer Security Handshake
ELI5 — The Vibe Check
The TLS handshake is the 'hello, do we trust each other?' ceremony that happens before any HTTPS data flows. The browser and server exchange certificates, agree on encryption methods, and swap keys. After the handshake, all data is encrypted. It takes a fraction of a second.
Real Talk
The TLS handshake establishes an encrypted session between a client and server. In TLS 1.3, the client sends its supported cipher suites, the server selects one and sends its certificate, and the client verifies the certificate; both sides then derive session keys. TLS 1.3 completes in one round-trip.
Show Me The Code
# View TLS handshake details with curl
curl -v https://example.com 2>&1 | grep -E 'SSL|TLS|certificate'
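# Check TLS version and cipher
# (</dev/null closes stdin so s_client exits after the handshake instead of waiting for input)
openssl s_client -connect example.com:443 </dev/null
# Output of these commands includes lines such as:
# TLSv1.3, TLS handshake, Certificate
# SSL-Session: Protocol: TLSv1.3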
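To see the "client sends supported cipher suites" step from Real Talk as actual bytes, this added example (not part of the original page) has Python's ssl module write a ClientHello into an in-memory buffer and parses it, with no network connection. The function names and the example.com server name are assumptions made for the illustration.

```python
import ssl
import struct

def capture_client_hello(server_name="example.com"):
    """Return the raw first flight a default Python client would send (no network I/O)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: ClientHello is written, client now waits for the server
    return outgoing.read()

def parse_client_hello(record):
    """Parse one TLS record holding a ClientHello into the parameters it offers."""
    ctype, _rec_version, rec_len = struct.unpack("!BHH", record[:5])
    body = record[5:5 + rec_len]
    if ctype != 22 or len(body) < 4 or body[0] != 1:
        raise ValueError("not a handshake record carrying a ClientHello")
    pos = 4                                   # skip handshake type (1) + length (3)
    legacy_version, = struct.unpack_from("!H", body, pos)
    pos += 2 + 32                             # version + 32-byte client random
    pos += 1 + body[pos]                      # legacy session id
    suites_len, = struct.unpack_from("!H", body, pos)
    pos += 2
    suites = list(struct.unpack_from("!%dH" % (suites_len // 2), body, pos))
    pos += suites_len
    pos += 1 + body[pos]                      # compression methods
    ext_len, = struct.unpack_from("!H", body, pos)
    pos += 2
    end, exts = pos + ext_len, {}
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", body, pos)
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    versions = []
    if 43 in exts:                            # supported_versions extension
        n = exts[43][0]
        versions = list(struct.unpack_from("!%dH" % (n // 2), exts[43], 1))
    sni = exts[0][5:].decode("ascii") if 0 in exts else None   # server_name extension
    return {"legacy_version": legacy_version, "cipher_suites": suites,
            "supported_versions": versions, "server_name": sni}

if __name__ == "__main__":
    hello = parse_client_hello(capture_client_hello())
    print("SNI:", hello["server_name"])
    print("versions offered:", [hex(v) for v in hello["supported_versions"]])
    print("cipher suites offered:", [hex(s) for s in hello["cipher_suites"]])
```

Version 0x0304 is TLS 1.3 and suites 0x1301 to 0x1303 are the TLS 1.3 AES-GCM and ChaCha20 suites; the server picks one entry from each list.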
When You'll Hear This
"The TLS handshake is failing because the certificate is expired." / "TLS 1.3 completes the handshake in one round trip."
Related Terms
Certificate
A certificate is a digital ID card for a website, signed by a trusted authority.
HTTP/2
HTTP/2 is a supercharged version of HTTP. With HTTP/1.1, you could only ask for one thing at a time per connection.
HTTPS (HyperText Transfer Protocol Secure)
HTTPS is HTTP but with a bodyguard. All the data flying between your browser and the website is scrambled so nobody can spy on it.
QUIC (Quick UDP Internet Connections)
QUIC is Google's invention that takes the speed of UDP and adds the reliability of TCP, all while encrypting everything.
SSL (Secure Sockets Layer)
SSL (Secure Sockets Layer) is the old-school version of the lock you see in your browser address bar.