What is Transport Layer Security (TLS) Handshake?

Transport Layer Security (TLS) is a security protocol designed to provide privacy and data integrity for communications over the Internet. Its main use is to encrypt the communication between web applications and servers, for example a web browser loading a website.

TLS is also used to encrypt other communications such as email, messaging, and voice over IP (VoIP). TLS is specified by the Internet Engineering Task Force (IETF), an international standards organization.


The three main security properties that TLS provides are as follows −

  • Encryption − Hides the data being transferred from third parties.

  • Authentication − Ensures that the parties exchanging information are who they claim to be.

  • Integrity − Verifies that the data has not been tampered with in transit.

Given below is the pictorial representation of the Transport Layer Security (TLS) protocol −


The advantages of TLS are as follows −

  • Encryption

  • Interoperability

  • Flexibility

  • Ease of deployment

  • Ease of use

TLS Handshake Protocol

The working of the TLS Handshake protocol is shown below −


  • The client sends a “client hello” message requesting a connection and presenting a list of supported cipher suites and a random string of bytes (the client random).

  • The server responds with a “server hello” message (which carries the server random) followed by its server certificate.

  • The server sends its SSL/TLS certificate to the client for authentication. The client authenticates the server by verifying that certificate, and also sends its own certificate if the server requests client authentication.

  • The client sends the Client Key Exchange message, carrying a secret (the premaster secret) encrypted with the public key from the server's certificate, and then a Change Cipher Spec message.

  • The server decrypts the client's secret with its private key.

  • Both client and server generate the session keys from the client random, the server random, and the secret.

  • The client sends a “finished” message encrypted with the session key.

  • The server responds with its own “finished” message, also encrypted with the session key.

  • The client and server have now established secure symmetric encryption; the handshake is complete and communication continues with the established session keys.

  • Finally, the application data is transferred over the protected connection.
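A worked example of the key-derivation and “finished” steps above (both sides computing the session keys from the client random, the server random and the secret, then each checking the other's Finished message). This is added example code, not code from the original article: it implements the TLS 1.2 PRF, master-secret and key-expansion computations from RFC 5246 using only Python's standard library and lays the keys out as for TLS_RSA_WITH_AES_128_GCM_SHA256. The randoms, premaster secret and handshake transcript are constructed sample values, and the RSA encryption and decryption of the premaster secret is assumed to have already happened, so both sides simply hold the same premaster bytes.

```python
"""TLS 1.2 session-key derivation and Finished verification (RFC 5246).

Added example, not code from the original article.  The randoms, premaster
secret and transcript below are constructed sample values; the RSA transport
of the premaster secret is assumed to have already happened, so both sides
simply hold the same premaster bytes."""
import hashlib
import hmac
from typing import Dict


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_SHA256 data-expansion function, RFC 5246 section 5.

    A(0) = seed, A(i) = HMAC(secret, A(i-1));
    output = HMAC(secret, A(1) + seed) + HMAC(secret, A(2) + seed) + ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)


def derive_master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """48-byte master secret (RFC 5246 section 8.1)."""
    return prf(premaster, b"master secret", client_random + server_random, 48)


def derive_session_keys(master: bytes, client_random: bytes, server_random: bytes) -> Dict[str, bytes]:
    """Key expansion (RFC 5246 section 6.3) for TLS_RSA_WITH_AES_128_GCM_SHA256:
    no MAC keys (AEAD), 16-byte write keys, 4-byte implicit nonces.
    Note the randoms are concatenated server-first here, unlike the master secret."""
    layout = (("client_write_key", 16), ("server_write_key", 16),
              ("client_write_iv", 4), ("server_write_iv", 4))
    block = prf(master, b"key expansion", server_random + client_random,
                sum(size for _, size in layout))
    keys, offset = {}, 0
    for name, size in layout:
        keys[name] = block[offset:offset + size]
        offset += size
    return keys


def finished_verify_data(master: bytes, label: bytes, transcript: bytes) -> bytes:
    """verify_data of a Finished message (RFC 5246 section 7.4.9):
    PRF(master_secret, finished_label, Hash(handshake_messages))[0..11]."""
    return prf(master, label, hashlib.sha256(transcript).digest(), 12)


def check_finished(master: bytes, label: bytes, transcript: bytes, received: bytes) -> bool:
    """Constant-time comparison of a received verify_data against the expected value."""
    return hmac.compare_digest(finished_verify_data(master, label, transcript), received)


# Constructed sample inputs (in a real handshake the randoms come from a CSPRNG and the
# premaster secret is 2 version bytes followed by 46 random bytes chosen by the client).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PREMASTER = b"\x03\x03" + bytes([0xAA] * 46)
# Stand-in for the concatenated handshake messages sent up to ClientKeyExchange.
TRANSCRIPT = b"ClientHello|ServerHello|Certificate|ServerHelloDone|ClientKeyExchange"


def simulate_handshake(premaster: bytes = PREMASTER,
                       client_random: bytes = CLIENT_RANDOM,
                       server_random: bytes = SERVER_RANDOM,
                       transcript: bytes = TRANSCRIPT) -> Dict[str, object]:
    """Run the derivation on both sides independently and exchange Finished messages."""
    # Client side: derive keys and send Finished over the transcript so far.
    client_master = derive_master_secret(premaster, client_random, server_random)
    client_keys = derive_session_keys(client_master, client_random, server_random)
    client_fin = finished_verify_data(client_master, b"client finished", transcript)

    # Server side: derive keys from the same three inputs and check the client's Finished.
    server_master = derive_master_secret(premaster, client_random, server_random)
    server_keys = derive_session_keys(server_master, client_random, server_random)
    server_accepts_client = check_finished(server_master, b"client finished", transcript, client_fin)

    # The server's Finished covers the transcript including the client's Finished message.
    server_fin = finished_verify_data(server_master, b"server finished", transcript + client_fin)
    client_accepts_server = check_finished(client_master, b"server finished",
                                           transcript + client_fin, server_fin)

    return {
        "keys_match": client_keys == server_keys,
        "server_accepts_client": server_accepts_client,
        "client_accepts_server": client_accepts_server,
        "client_write_key": client_keys["client_write_key"],
    }


if __name__ == "__main__":
    result = simulate_handshake()
    print({k: (v.hex() if isinstance(v, bytes) else v) for k, v in result.items()})
```

Because the Finished value is keyed by the master secret and computed over a hash of every handshake message exchanged so far, a peer that derived different keys, or that saw a modified transcript, fails the check and the handshake is aborted before any application data is sent.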