protocol · 05 / 05TLS 1.3

TLS Handshake

Where every piece meets to open a secure line.

built fromKey ExchangeCertificatesEncryption

What it does

There's no new mathematics on this page. A handshake invents no primitive of its own — it's pure choreography. It takes the building blocks you've already met and arranges them so two strangers finish with one shared key, each certain of who the other is, and an eavesdropper left holding nothing useful.

This is the lock icon in your address bar. Every https:// page begins with the dance below — typically in a single round trip, in a few milliseconds, before any content arrives.

The pieces, assembled

Four jobs, each handled by a tool with its own page on this site:

  • Key exchange gets both sides to the same secret over the open wire — ephemeral, so it's forward-secret.
  • Signatures prove the server actually owns its certificate, which is the one thing that stops a man in the middle.
  • Hashing stretches the raw shared secret, through a hash-based key schedule, into real session keys.
  • Encryption — AES-GCM — takes over once the keys are set and seals every byte from there on.

Watch it happen — for real

The walkthrough below runs an actual, simplified TLS 1.3 handshake in your browser. The randoms, the public keys, the certificate signature, the shared secret, the derived session key, and the encrypted first request are all genuinely computed — nothing is staged. Step through it, then flip to impersonator to watch the signature check tear the connection down.

Why each piece is load-bearing

Pull any one block out and the whole thing collapses in a specific, instructive way:

  • Remove signatures and you can still agree on a secret — but with whom? An attacker relays both sides and reads everything. This is exactly the impersonator case, and the signature is what catches it.
  • Remove the ephemeral exchange(encrypt the key with the server's long-term key instead) and you lose forward secrecy: one stolen key retroactively unlocks years of recorded traffic.
  • Remove encryption and you've authenticated a channel that still sends everything in plain sight.

What TLS 1.3 changed

Earlier versions took two round trips and offered a menu of aging, sometimes-broken options to negotiate. TLS 1.3 (2018) cut the handshake to a single round trip, deleted the weak choices outright, and made forward-secret ephemeral exchange mandatory. Faster and safer — the rare upgrade that's both.

What it's for

  • The web — HTTPS, and HTTP/3 over QUIC, which folds this handshake directly into the transport.
  • Email, VPNs, APIs — the same TLS machinery secures mail delivery, corporate tunnels, and almost every API call your apps make.
  • Anywhere two machines need a private channel — this is the default way to open one, billions of times a second across the internet.