TLS Handshake
What is TLS Handshake?
TLS HandshakeThe initial protocol exchange in Transport Layer Security that authenticates the server (and optionally the client) and derives the symmetric keys used to encrypt the rest of the session.
The TLS handshake negotiates the protocol version, cipher suite, server identity, and session keys before any application data is sent. In TLS 1.2 (RFC 5246) the handshake takes two round trips and uses ClientHello, ServerHello, Certificate, ServerKeyExchange, plus a Finished pair that confirms the negotiated transcript. TLS 1.3 (RFC 8446) collapses this to one round trip, removes legacy ciphers (RC4, CBC modes without AEAD, RSA key exchange), and supports 0-RTT resumption with replay caveats. Both versions use ephemeral (EC)DHE for forward secrecy and authenticate the server via an X.509 certificate. Misconfigurations that matter include downgrade attacks, weak cipher suites, expired or mis-issued certificates, and missing SNI handling on shared infrastructure.
● Examples
- 01
A browser opens TLS 1.3 to https://example.com in one round trip, negotiating x25519 and AES-GCM.
- 02
An older client falls back to TLS 1.2 with ECDHE-RSA-AES256-GCM-SHA384 against the same server.
● Frequently asked questions
What is TLS Handshake?
The initial protocol exchange in Transport Layer Security that authenticates the server (and optionally the client) and derives the symmetric keys used to encrypt the rest of the session. It belongs to the Network Security category of cybersecurity.
What does TLS Handshake mean?
The initial protocol exchange in Transport Layer Security that authenticates the server (and optionally the client) and derives the symmetric keys used to encrypt the rest of the session.
How does TLS Handshake work?
The TLS handshake negotiates the protocol version, cipher suite, server identity, and session keys before any application data is sent. In TLS 1.2 (RFC 5246) the handshake takes two round trips and uses ClientHello, ServerHello, Certificate, ServerKeyExchange, plus a Finished pair that confirms the negotiated transcript. TLS 1.3 (RFC 8446) collapses this to one round trip, removes legacy ciphers (RC4, CBC modes without AEAD, RSA key exchange), and supports 0-RTT resumption with replay caveats. Both versions use ephemeral (EC)DHE for forward secrecy and authenticate the server via an X.509 certificate. Misconfigurations that matter include downgrade attacks, weak cipher suites, expired or mis-issued certificates, and missing SNI handling on shared infrastructure.
How do you defend against TLS Handshake?
Defences for TLS Handshake typically combine technical controls and operational practices, as detailed in the full definition above.
What are other names for TLS Handshake?
Common alternative names include: TLS handshake protocol.
● Related terms
- network-security№ 1159
TLS (Transport Layer Security)
The IETF-standardized cryptographic protocol that provides confidentiality, integrity, and authentication for traffic between two networked applications.
- network-security№ 1090
SSL (Secure Sockets Layer)
The historical predecessor of TLS, originally developed by Netscape in the 1990s to encrypt traffic on the web and now formally deprecated.
- network-security№ 1134
TCP
A connection-oriented transport protocol (RFC 9293) that delivers an ordered, reliable, congestion-controlled byte stream between two endpoints over IP.
- cryptography№ 067
Asymmetric Encryption
A cryptographic scheme that uses mathematically linked key pairs — a public key for encryption and a private key for decryption — to enable secure communication without prior secret sharing.
- network-security№ 712
Mutual TLS (mTLS)
An extension of TLS in which both the client and the server present X.509 certificates so that each side cryptographically authenticates the other.
- network-security№ 501
HTTPS
HTTP carried over a TLS-protected connection, providing confidentiality, integrity, and server authentication for web traffic.