DEV Community

Cover image for How does TLS handshake work?
Hesam Rad
Hesam Rad

Posted on

How does TLS handshake work?

Ever wondered what happens when you request a website?

Sure there are many many things happening behind the scenes and it will take forever if I wanted to explain all of that in one article, but I can take each step at a time and try to explain what happens in each step.


In today's world, using HTTPS is no longer an option. It's a necessity and everyone should use it, but how does it work? What is this secure version of HTTP that everyone is talking about?

Ok, relax and sit back down and listen to me.

We all know that HTTPS is the 'secure' version of HTTP. Duh! The 'S' at the end of it says it all. Of course everyone knows that. But we are here to take a little peak behind the curtain and see what's happening in the dark.

TSL Handshake

There is a specific chain of events that are happening when a TLS handshake occurs:

  1. ClientHello
  2. ServerHello
  3. Authentication
  4. The Premaster Secret
  5. ClientFinish
  6. ServerFinish

Let's break them down one by one.


First the client sends a Hello message to the server indicating that it wants to initiate a TLS handshake.
This Hello message includes which TLS version the client supports, the cipher suites supported, and a string of random bytes known as the client random.


Then the server replies with a Hello message of its own indicating that it's ready to create the handshake.
This Hello message includes the server's SSL certificate, the server's chosen cipher suite, and the server random, another random string of bytes that's generated by the server.


Now the client tries to verify the server's SSL certificate with it's issuer to make sure of its validity.

The Premaster Secret

Now that the client has successfully verified that the SSL certificate is valid, it will generate one more random string, and encrypts it with the server's public key that it obtained from the SSL certificate in step #2 and sends it to the server.


The client is now ready to finish the process of handshake. It will send a Finish message encrypted with the premaster secret to the server.


To finish the process, the server will send an encrypted Finish message to the client, indicating that the handshake is now complete.

After this process, the client and the server can safely exchange messages.

Link to cover image

Top comments (0)