TLS Handshake Explained: Step-by-Step Guide to Secure Connections
What Is the TLS Handshake?
The TLS (Transport Layer Security) handshake is the process by which a client and server establish an encrypted connection. Every time you visit an SSL/TLS проверку website, a TLS handshake occurs before any application data is exchanged. Understanding this process is essential for diagnosing connection issues, optimizing performance, and configuring secure servers.
TLS 1.2 Handshake: Step by Step
The TLS 1.2 handshake requires two round trips between client and server before encrypted data can flow. Here is a detailed breakdown:
Round Trip 1: Hello and Key Exchange
- ClientHello: The client sends supported cipher suites, TLS version, a random number (client random), and optional extensions like SNI (Server Name Indication).
- ServerHello: The server selects a cipher suite, sends its random number (server random), and its digital certificate containing the public key.
- Certificate Verification: The client validates the server certificate against trusted Certificate Authorities (CAs), checks expiration, revocation status, and domain match.
- Key Exchange: Using the selected algorithm (RSA or Diffie-Hellman), both parties derive the pre-master secret.
Round Trip 2: Finishing the Handshake
- Client Finished: The client sends a ChangeCipherSpec message and an encrypted Finished message using the derived session keys.
- Server Finished: The server sends its own ChangeCipherSpec and Finished message.
- Secure channel established: Application data can now flow encrypted in both directions.
Client Server
|--- ClientHello ------------------>|
|<-- ServerHello, Certificate ------|
|<-- ServerKeyExchange, Done -------|
|--- ClientKeyExchange ------------>|
|--- ChangeCipherSpec, Finished --->|
|<-- ChangeCipherSpec, Finished ----|
|=== Encrypted Application Data ===|TLS 1.3: The Faster Handshake
TLS 1.3, finalized in 2018 (RFC 8446), dramatically simplifies and accelerates the handshake process. The most significant improvement is reducing the handshake from two round trips to just one.
Key Improvements in TLS 1.3
- 1-RTT handshake: The client sends its key share in the first message, allowing the server to derive keys immediately. This cuts handshake latency by 50%.
- 0-RTT resumption: For returning clients, TLS 1.3 supports zero round-trip resumption, sending encrypted data in the very first packet.
- Removed insecure algorithms: Static RSA key exchange, CBC mode ciphers, RC4, SHA-1, MD5, and arbitrary Diffie-Hellman groups are all eliminated.
- Mandatory forward secrecy: All TLS 1.3 cipher suites use ephemeral key exchange, ensuring past sessions cannot be decrypted if long-term keys are compromised.
- Encrypted handshake: Server certificate and most handshake messages are encrypted, improving privacy.
Client Server
|--- ClientHello + KeyShare ------->|
|<-- ServerHello + KeyShare --------|
|<-- {EncryptedExtensions} ---------|
|<-- {Certificate, Finished} -------|
|--- {Finished} ------------------->|
|=== Encrypted Application Data ===|TLS 1.2 vs TLS 1.3 Comparison
| Feature | TLS 1.2 | TLS 1.3 |
|---|---|---|
| Handshake round trips | 2 RTT | 1 RTT (0-RTT for resumption) |
| Forward secrecy | Optional (depends on cipher) | Mandatory |
| Cipher suites | 37+ (many insecure) | 5 (all secure) |
| Certificate encryption | Plaintext | Encrypted |
| RSA key exchange | Supported | Removed |
| 0-RTT resumption | Not available | Supported |
Performance Implications
The performance difference between TLS 1.2 and 1.3 is significant, especially on high-latency connections:
- Mobile users: On cellular networks with 100ms+ latency, TLS 1.3 saves 100-200ms per new connection. This directly impacts Time to First Byte (TTFB) and perceived page speed.
- API services: For microservices making thousands of inter-service calls, the reduced handshake overhead accumulates into measurable throughput improvements.
- CDN edge nodes: Content delivery networks benefit enormously from 0-RTT, serving returning visitors with minimal latency penalty.
Optimizing TLS Performance
# Recommended nginx TLS configuration
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;Common Handshake Failures
- Certificate mismatch: The domain in the certificate does not match the requested hostname. Check SANs (Subject Alternative Names) and wildcard coverage.
- Expired certificate: Automate renewal with tools like certbot and monitor expiration dates proactively.
- Cipher suite mismatch: Client and server share no common cipher suites. Update server configuration to support modern algorithms.
- Incomplete certificate chain: The server does not send intermediate CA certificates. Always configure the full chain file.
- Clock skew: Significant time differences between client and server can cause validation failures.
Conclusion
The TLS handshake is the foundation of secure web communication. Migrating to TLS 1.3 delivers both stronger security and better performance. Prioritize TLS 1.3 support in your server configuration, ensure certificates are properly managed, and regularly audit your TLS setup to maintain a fast and secure connection for all users.
Check your website right now
Check now →