The SSL/TLS handshake is a cryptographic process that establishes a secure connection between your browser and a web server in under 250 milliseconds. It verifies the server's identity, agrees on encryption methods, and generates session keys—all before you send any sensitive data.
Every time you visit a website with a padlock icon in your browser, you're using HTTPS (HyperText Transfer Protocol Secure). Unlike HTTP, which sends data in plain text, HTTPS encrypts everything traveling between your computer and the server. This encryption happens through a process called the TLS handshake (Transport Layer Security, the modern successor to SSL).
Without HTTPS, attackers on the same network could intercept your passwords, credit card numbers, and personal information. The handshake ensures three critical things: authentication (you're talking to the right server), confidentiality (nobody can read your data), and integrity (data hasn't been tampered with).
The handshake happens in four main stages. Let's walk through each one:
Your browser initiates the connection by sending a "Client Hello" message to the server. This message contains:
TLS Version: 1.3
Client Random: 4a7f2b... (32 bytes)
Cipher Suites:
- TLS_AES_256_GCM_SHA384
- TLS_CHACHA20_POLY1305_SHA256
Supported Groups: X25519, secp384r1
Signature Algorithms: rsa_pss_rsae_sha256, ecdsa_secp256r1_sha256
The server responds with its own "Server Hello" message containing:
This certificate is crucial—it contains the server's public key and is signed by a trusted Certificate Authority (CA). Your browser verifies this certificate by checking if the CA's signature is valid and if the certificate hasn't expired or been revoked.
Subject: CN=example.com
Issuer: CN=Let's Encrypt
Valid From: 2024-01-15
Valid To: 2025-01-15
Public Key: RSA 2048-bit or EC P-256
Subject Alternative Names:
- example.com
- www.example.com
- api.example.com
This is where the magic happens. Your browser and server need to agree on a session key without transmitting it over the network (which would be insecure). They use a key exchange algorithm like ECDHE (Elliptic Curve Diffie-Hellman Ephemeral) or RSA.
Here's how ECDHE works:
The server also proves it owns the private key corresponding to the public key in its certificate by digitally signing data. Your browser verifies this signature using the certificate's public key.
Both sides calculate the master secret from the shared secret and the random numbers exchanged earlier. From the master secret, they derive:
Each side sends a "Finished" message encrypted with these keys to confirm everything went right. If either side can't decrypt the other's message, the connection closes. Once both sides verify the Finished messages, the handshake is complete and encrypted communication begins.
TLS 1.3 reduced the handshake to one round trip instead of two. It combines the Server Hello and key exchange into a single message, making connections even faster while maintaining security.
A cipher suite is a combination of algorithms that work together during the handshake and data transmission. A typical cipher suite name looks like this:
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Breaking it down:
- ECDHE: Key exchange algorithm (Elliptic Curve Diffie-Hellman)
- RSA: Authentication algorithm (proves server identity)
- AES_256_GCM: Encryption algorithm (256-bit Advanced Encryption Standard)
- SHA384: Hash algorithm (detects tampering)
Modern browsers prefer cipher suites with:
Your browser doesn't just trust any certificate. It maintains a trust store containing root certificates from Certificate Authorities like DigiCert, Let's Encrypt, and others. When a server presents a certificate, your browser verifies the chain:
If any signature doesn't verify or the certificate's domain doesn't match the server you're connecting to, the handshake fails. This prevents man-in-the-middle attacks where an attacker tries to intercept your connection with a fake certificate.
Understanding what goes wrong helps you troubleshoot security issues:
The handshake adds latency to every new connection. That's why:
To check the handshake on your own system, you can use OpenSSL:
openssl s_client -connect example.com:443 -showcerts
This displays the full certificate chain, cipher suite selected, and handshake details.
While the TLS handshake provides strong security, it's not invulnerable. Organizations implementing HTTPS should:
For reference on related topics, check out our guides on network protocols, DNS and domain management, and HTTP headers and security.
SSL (Secure Sockets Layer) is the older protocol that TLS (Transport Layer Security) replaced. TLS 1.0 was released in 1999 as an upgrade to SSL 3.0. All modern systems use TLS; SSL is considered insecure and has been deprecated. When people say "SSL certificate," they usually mean a TLS certificate—the terminology stuck around even though SSL isn't used anymore.
The handshake itself transmits the server's public key and other non-secret information in plaintext. However, attackers can't derive the session key from this data alone. They'd need either the server's private key or the client's private key, both of which are never transmitted. Once the handshake completes and encryption begins, your data is protected by symmetric encryption (AES or ChaCha20).
The handshake requires multiple round trips between your browser and server. In TLS 1.2, that's two round trips (four messages). Add network latency, and you're looking at 100-300ms depending on your location and the server's distance. TLS 1.3 reduced this to one round trip, but network latency still applies. This is why modern websites use connection pooling and session resumption to avoid repeated handshakes.
Your browser stops the handshake and displays a warning. You'll see "Your connection is not private" or "Certificate error." Some browsers allow you to proceed anyway (not recommended), but most block the connection entirely. This protects you from man-in-the-middle attacks where an attacker tries to intercept your connection with a fraudulent certificate. Legitimate websites never have certificate errors—it's always a red flag.