All posts
June 18, 20266 min read

The TLS handshake explained, step by step

Every HTTPS connection begins with a negotiation. Before a single byte of your request is sent, the browser and server run a TLS handshake to agree on how to encrypt the conversation and to prove the server is who it claims to be. Understanding it demystifies most certificate errors.

What the handshake has to accomplish

Three things, in one short exchange:

  • Agree on a cipher. Both sides support many encryption algorithms; they must pick one they share.
  • Authenticate the server. The browser must confirm it is really talking to the domain it asked for, not an impostor.
  • Derive a shared secret. They need a symmetric key to encrypt the session, established over a channel anyone can read.

The exchange in TLS 1.3

Modern TLS (1.3) streamlined this to a single round trip:

  1. ClientHello. The browser sends the TLS versions and cipher suites it supports, plus a key share, a piece of a key exchange it has started speculatively.
  2. ServerHello. The server picks a cipher, sends its own key share, and includes its certificate. From the two key shares, both sides can now compute the same shared secret without ever transmitting it.
  3. Verification. The browser checks the certificate: is it issued for this domain, unexpired, and signed by a certificate authority the browser trusts? It also verifies a signature proving the server holds the private key matching the certificate.
  4. Finished. Both sides confirm the handshake, and the encrypted session begins.

Older TLS 1.2 needed two round trips and exposed more in the clear, which is why 1.3 is both faster and more private.

Where it goes wrong

Most certificate errors map directly to step three. Expired certificate: the validity dates passed. Name mismatch: the certificate is for www.example.com but you visited example.com. Untrusted issuer: the signing authority is not in the browser's trust store, often because an intermediate certificate is missing from the server's chain. Cipher mismatch: the client and server share no common cipher, common with very old clients or very strict servers.

Each of these is visible before you ever debug application code. The SSL Checker inspects a domain's certificate, its expiry, and its chain so you can see exactly which part of the handshake would fail.