Back to learning center

What is a TLS handshake?

TLS handshake explained

In the simplest terms, a TLS handshake is just like a physical handshake, except for servers; it is a secure ‘introduction’ between two servers, allowing them to communicate safely. When you browse the web, any website using HTTPS uses TLS handshakes to secure your connection to the site and make sure any communication (think form fills, logins) are private and secure. 

In order to better understand a TLS handshake, let’s first dive into the system it operates in - TLS:

What is TLS?

Transport Layer Security (TLS) is an Internet Engineering Task Force (IETF) standard protocol that provides authentication, privacy, and data integrity for communications over the internet. 

TLS works by encrypting the communications between two systems. It is critical since it assesses the validity and identity of the connecting party/system: it ensures the other party in a connection is who they say they are, it provides insight into whether data retains its integrity, and it provides a level of confidentiality via encryption. 

TLS uses a range of different algorithms and methods to accomplish these purposes. It’s the most adopted and deployed security protocol in use today. It is best suited for web browsers and other applications requiring data to be securely exchanged over the network via Hypertext transfer protocol secure (HTTPS). TLS can also secure things like email and other protocols. 

A key part of TLS is the TLS handshake, which involves the process of validating the identity and security of two ‘parties’ (servers) communicating across the internet. 

What does TLS do? 

The TLS protocol achieves three primary aims: Integrity, Authentication, and Encryption. 

  • Integrity: TLS confirms that the data sent across a network is not compromised.

  • Authentication: TLS validates the identities of the communicating parties.

  • Encryption: TLS disguises the data transferred from third parties. 

How do SSL/TLS handshakes work?

When you browse the internet, you are unwittingly relying on TLS handshakes. Navigating to any HTTPS website involves the process of TLS handshakes between the client (you + your server) and the website (and its server). 

The TLS handshake protocol is responsible for the authentication and ‘key’ exchange necessary to establish and secure sessions (visits to a webpage).  It is a multi-step process, typically involving the client and server sending “hello” messages, exchanging keys, cipher messages, and a ‘finish’ message. 

The TLS handshake protocol enables the client and server to authenticate each other and negotiate security keys before any data exchange.  

The process will look similar to the steps outlined below:

  1. The client sends a connection request to the server. The request is acknowledged by the server. 

  2. The client then sends its ‘hello’ message to the server - This ‘hello’ message includes important information about the requestor (client), allowing the client to introduce itself to the server. 

  3. The server provides its own ‘hello’ message + SSL certificate - This certificate includes the server’s cipher suite and a ‘random string’ generated by the server. Think of this as a code the server is providing the client. 

  4. The client then authenticates the ‘code’ (certificate + cipher) sent over by the server to ensure that 1) the domain name matches and 2) the certificate is signed by a trusted certificate authority (CA). This validates that the server is legitimate (and safe). 

  5. The client then shares its own certificate, once the validity of the server has been confirmed. Once both sides have completed these steps, a shared ‘secret’ (think of this like a password) is generated that will later enable encryption of data shared between them. 

  6. The client and server use the shared secret to create identical session ‘keys’, thereby enabling them to encrypt and decrypt data as it is passed between the two parties during the session. 

Why are TLS handshakes important? 

TLS handshakes provide a critical role in enabling secure communication and flow of data between two servers. They act as essential gatekeepers of the internet - validating credentials of all parties navigating the web and helping them to be certain of one another’s identity. Without this key security capability, browsing the web would be less secure, and could lead to both personal and business-related risk.