What happens during a TLS handshake

# What happens during a TLS handshake? ![rw-book-cover](https://www.cloudflare.com/static/b30a57477bde900ba55c0b5f98c4e524/Cloudflare_default_OG_.png) ## Metadata - Author: [[cloudflare.com]] - Full Title: What happens during a TLS handshake? - Category: #articles - Summary: A TLS handshake is the process where a client and server agree on encryption methods to secure their communication. They exchange messages to verify identities, choose encryption keys, and set up a secure connection. TLS 1.3 makes this process faster and more secure than earlier versions. - URL: https://www.cloudflare.com/learning/ssl/what-happens-in-a-tls-handshake/ ## Highlights - [TLS](https://www.cloudflare.com/learning/ssl/transport-layer-security-tls/) is an encryption and authentication protocol designed to secure Internet communications. ([View Highlight](https://read.readwise.io/read/01ktsq37a43dc0fh607htjy9wj)) - During a TLS handshake, the two communicating sides exchange messages to acknowledge each other, verify each other, establish the cryptographic algorithms they will use, and agree on session keys. TLS handshakes are a foundational part of [how HTTPS works](https://www.cloudflare.com/learning/ssl/what-is-https/). ([View Highlight](https://read.readwise.io/read/01ktsq31m7e5t7w74ys6tmndm7)) - A TLS handshake takes place whenever a user navigates to a website over HTTPS and the browser first begins to query the website's [origin server](https://www.cloudflare.com/learning/cdn/glossary/origin-server/). A TLS handshake also happens whenever any other communications use HTTPS, including [API calls](https://www.cloudflare.com/learning/security/api/what-is-api-call/) and [DNS over HTTPS](https://www.cloudflare.com/learning/dns/dns-over-tls/) queries. ([View Highlight](https://read.readwise.io/read/01ktsq3yaq39wsa28b1h6ge047)) - What happens during a TLS handshake? During the course of a TLS handshake, the client and server together will do the following: • Specify which version of TLS (TLS 1.0, 1.2, 1.3, etc.) they will use • Decide on which cipher suites (see below) they will use • Authenticate the identity of the server via the server’s public key and the SSL certificate authority’s digital signature • Generate session keys in order to use symmetric encryption after the handshake is complete ([View Highlight](https://read.readwise.io/read/01ktsq53e555tqd7558g7nd7jb)) - What is a cipher suite? A cipher suite is a set of algorithms for use in establishing a secure communications connection. There are a number of cipher suites in wide use, and an essential part of the TLS handshake is agreeing upon which cipher suite will be used for that handshake. ([View Highlight](https://read.readwise.io/read/01ktsqa6yx2y2kdqa1xenqy82r))