TLS Handshake

Wikipedia (CC BY-SA 4.0) · Transport Layer Security

TLS (Transport Layer Security) wraps a TCP connection in encryption. The handshake is where client and server agree on keys. It combines everything from the previous chapters: certificates (Ch.8), key exchange (Ch.7), symmetric encryption, and hashing. Every HTTPS connection starts with this dance.

Step by step

Scheme

; TLS 1.2 handshake walkthrough
; Each step builds on the previous chapters.

(display "1. ClientHello") (newline)
(display "   Client sends: TLS version, supported") (newline)
(display "   cipher suites, a random nonce.") (newline)
(newline)
(display "2. ServerHello") (newline)
(display "   Server picks a cipher suite, sends") (newline)
(display "   its own random nonce.") (newline)
(newline)
(display "3. Certificate") (newline)
(display "   Server sends its certificate chain.") (newline)
(display "   Client verifies using CA trust store") (newline)
(display "   (Ch.8 certificate chains).") (newline)
(newline)
(display "4. ServerKeyExchange") (newline)
(display "   Server sends ECDH parameters, signed") (newline)
(display "   with its private key (Ch.7 + Ch.8).") (newline)
(newline)
(display "5. ClientKeyExchange") (newline)
(display "   Client sends its ECDH public value.") (newline)
(display "   Both sides now compute the shared") (newline)
(display "   secret via ECDH (Ch.7).") (newline)
(newline)
(display "6. Derive session key") (newline)
(display "   PRF(premaster, client_random,") (newline)
(display "   server_random) -> symmetric key.") (newline)
(newline)
(display "7. Finished") (newline)
(display "   Both send a hash of all handshake") (newline)
(display "   messages, encrypted with the new key.") (newline)
(display "   If both verify, the channel is live.")

; TLS 1.2 handshake walkthrough
; Each step builds on the previous chapters.

(display "1. ClientHello") (newline)
(display "   Client sends: TLS version, supported") (newline)
(display "   cipher suites, a random nonce.") (newline)
(newline)
(display "2. ServerHello") (newline)
(display "   Server picks a cipher suite, sends") (newline)
(display "   its own random nonce.") (newline)
(newline)
(display "3. Certificate") (newline)
(display "   Server sends its certificate chain.") (newline)
(display "   Client verifies using CA trust store") (newline)
(display "   (Ch.8 certificate chains).") (newline)
(newline)
(display "4. ServerKeyExchange") (newline)
(display "   Server sends ECDH parameters, signed") (newline)
(display "   with its private key (Ch.7 + Ch.8).") (newline)
(newline)
(display "5. ClientKeyExchange") (newline)
(display "   Client sends its ECDH public value.") (newline)
(display "   Both sides now compute the shared") (newline)
(display "   secret via ECDH (Ch.7).") (newline)
(newline)
(display "6. Derive session key") (newline)
(display "   PRF(premaster, client_random,") (newline)
(display "   server_random) -> symmetric key.") (newline)
(newline)
(display "7. Finished") (newline)
(display "   Both send a hash of all handshake") (newline)
(display "   messages, encrypted with the new key.") (newline)
(display "   If both verify, the channel is live.")

Why this sequence

The handshake solves three problems at once. Authentication: the certificate proves the server's identity. Key agreement: ECDH establishes a shared secret without transmitting it. Forward secrecy: ephemeral ECDH keys mean that compromising the server's long-term key later does not decrypt past sessions. Each session gets fresh keys that are discarded afterward.

Scheme

; Forward secrecy: why ephemeral keys matter

(display "Without forward secrecy (RSA key exchange):") (newline)
(display "  Client encrypts premaster with server's") (newline)
(display "  RSA public key. If the private key leaks") (newline)
(display "  years later, all recorded sessions can be") (newline)
(display "  decrypted retroactively.") (newline)
(newline)
(display "With forward secrecy (ECDHE):") (newline)
(display "  Each handshake generates a new ephemeral") (newline)
(display "  key pair. The shared secret depends on") (newline)
(display "  keys that exist only during the handshake.") (newline)
(display "  After the session, they are deleted.") (newline)
(display "  No amount of future key compromise helps.") (newline)
(newline)
(display "TLS 1.3 mandates forward secrecy.") (newline)
(display "RSA key exchange is removed entirely.")

Reading a cipher suite

A cipher suite name like TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 tells you the full stack: ECDHE for key exchange, RSA for authentication (the certificate), AES-256-GCM for symmetric encryption, SHA-384 for the PRF.

Component	Example	Purpose
Key exchange	ECDHE	Establish shared secret (Ch.7)
Authentication	RSA	Verify server identity (Ch.8)
Bulk cipher	AES_256_GCM	Encrypt session data
PRF hash	SHA384	Key derivation

Neighbors

This series

Shannon Ch.7 — channels: TLS creates a secure channel

Foundations (Wikipedia)

← Zero-Knowledge Proofs by june.kim Remote Attestation →