SSL/TLS Handshake

Everything you need to know about SSL/TLS HANDSHAKE PROTOCOL


The SSL stands for Secure Sockets Layer, and it is an Internet security protocol that uses encryption technology. SSL certificate first came into the industry by Netscape in 1995. It is essential for the modern-day Internet. It has become a requirement for all the websites that is why most of the websites are using an SSL certificate for securing their data. All the major browsers are recommending an SSL certificate for websites. When you are managing a website and want to have secure communication, it is good to install an SSL certificate on your website. Without an SSL certificate, systems cannot perform validation for secure communication. There are certain steps that we have to follow for installing an SSL certificate. In this article, we will learn how to install an SSL certificate and what is an SSL/TLS Handshake.

What is Transport Layer Security (TLS)?

Transport Layer Security, or TLS, is the most used Internet security protocol. The main purpose of its design was to provide privacy and data security for internet communications. A common case of TLS is encryption of the communication between a website and a server. For example, a web browser opening a website. We can also use TLS to encrypt many other communications like email, messaging, and voice over IP (VoIP).

TLS was recommended by the Internet Engineering Task Force (IETF), which is an international standards organization. The first version of this protocol was issued in 1999. The most recent version is TLS 1.3, which was issued in 2018.

What is an SSL/TLS handshake?

As we know, TLS is the abbreviation of Transport Layer Security. It is a security protocol we use to secure our communication on the Internet. An SSL/TLS Handshake is a process that initiates the communication session involving TLS encryption. During this process, a user and a server start communicating messages to recognize each other. Both sides also authenticate each other, organize the encryption algorithms they are going to use for future correspondence, and agree on session keys. TLS handshake is the fundamental part of how HTTPS works.

TLS vs. SSL handshakes

TLS is the most advanced version of the SSL security protocol. The first internet security protocol for HTTP was SSL or Secure Sockets Layer encryption protocol. It was replaced by TLS or Transport Layer Security protocol a few years ago. There is no difference between SSL or TLS handshake, most people still call it SSL handshake.

When does an SSL/TLS handshake occur?

An SSL/TLS handshake occurs when a user loads a website over HTTPS. At the start, the browser starts inquiring about the source of the server. It can also happen when many other communications use HTTPS, such as API calls and DNS over HTTPS inquiries. A TLS handshake occurs when a TCP connection has been opened through a TCP handshake.

What happens during an SSL/TLS handshake?

During an SSL/TLS handshake, the user and server collectively will perform the following steps:

  • Designate the version of TLS (TLS 1.0, 1.2, 1.3, etc.) they will be using during the communication
  • Select the cipher suites they will be using
  • Validate the identification of the server with the help server’s public key and the digital signature by the SSL certificate authority
  • Generation of session keys for future correspondence after the completion of SSL/TLS handshake

What are the steps of an SSL/TLS handshake?

An SSL/TLS handshake is a sequence of datagrams, or messages, corresponded between a user and a server. An SSL/TLS handshake process consists of multiple steps, as a user and a server correspond the data required for performing the handshake and making additional communication possible.

The specific steps we need to perform an SSL/TLS handshake will change depending on the type of algorithm we use for key exchange and the cipher suite that must be supported by the server and the user. Mostly, we use the RSA key exchange algorithm and it involves the following steps:

The ‘client hello’ message:

The user begins the handshake by sending a “hello” message to the respective server. This “hello” message will contain the following information:

  • TLS version supported by the user
  • The cipher suites which the user supports
  • A random string of bytes that we call “client random.”

The ‘server hello’ message:

In response to the user’s hello message, the server replies with a message carrying the following information:

  • SSL certificate of the server
  • The cipher suite selected by the server
  •  A random string of bytes which is generated by the server known as “server random”


After receiving the hello message from the server, the user will authenticate the SSL certificate of the server from its issuing authority. This step validates the identity of the server and the real ownership of the domain.

The premaster secret:

After authenticating the server’s identity, the user sends another string of bytes. This random string is known as the “premaster secret.” We use the public key for the encryption of the premaster secret. Only the server with the private key can decrypt it.

The private key:

The server uses the private key for decrypting the premaster secret string of the user.

Session keys created:

Both user and server generate session keys by using the client random, the server random, and the premaster secret. They should appear with the same results.

The user is ready:

After all this process, the user will send a “finished” message that it encrypts by using the session key.

The server is ready:

In response, the server will also send a “finished” message encrypted with the session key.

Secure symmetric encryption achieved:

These are all the steps to perform a secure SSL/TLS handshake. After that, a user and a server can continue communication with the help of session keys.


An SSL/TLS handshake is the most important part of establishing a secure connection between a server and a user/website. We have discussed the steps of asymmetric encryption that involve public and a private key for encryption during an SSL/TLS handshake. This is the most widely used method of SSL/TLS handshake. But not all the SSL/TLS handshakes involve a private key for the generation of session keys.

Leave a Comment

Your email address will not be published. Required fields are marked *