TLS handshake
also: SSL handshake, TLS negotiation
The TLS handshake is the initial exchange of messages between a client and server to establish an encrypted connection, authenticate the server (and optionally the client), and agree on encryption parameters.
When you connect to a secure website or service using HTTPS or another TLS-based protocol, your client and the server must first perform a handshake before any encrypted application data is exchanged. This multi-step process typically involves the client sending a ClientHello message listing the protocol versions and cipher suites it supports, the server responding with ServerHello and its certificate, and both sides completing key exchange and authentication.
The handshake accomplishes three critical goals: it verifies the server's identity through digital certificates, establishes a shared secret that both sides will use for encryption, and negotiates which encryption algorithms and protocols to use. For example, when you visit https://example.com, your browser's TLS handshake validates the site's certificate and ensures no attacker can impersonate it.
Once the handshake completes successfully, the connection switches to an encrypted state and application data flows securely. If the handshake fails, for example because the certificate does not match the expected hostname or is not trusted, or because the two sides share no supported protocol version, the connection is aborted before any application data is sent; this is what protects against man-in-the-middle attacks.
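The following Go program, added here as a worked example and not part of the original entry, runs a complete TLS handshake between a client and a server over a loopback socket using the standard library. It mints a throwaway self-signed certificate for the constructed hostname `example.test`, has the client trust it as a root, and reports the negotiated protocol version, cipher suite and verified certificate subject. It then repeats the handshake with a server certificate the client has no root for, which is the "certificate mismatch" failure described above: the client aborts the handshake and no application data is ever sent. All function names (`newSelfSigned`, `handshake`, `TrustedHandshake`, `UntrustedHandshake`) are this example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

const serverName = "example.test" // constructed hostname, used only in this demo

// newSelfSigned mints a throwaway ECDSA certificate for host. It stands in for
// the CA-issued certificate a real server would present during the handshake.
func newSelfSigned(host string) (tls.Certificate, *x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: host},
		DNSNames:              []string{host}, // hostname verification uses the SAN
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
		IsCA:                  true, // lets the same cert serve as the client's trust root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	leaf, err := x509.ParseCertificate(der)
	if err != nil {
		return tls.Certificate{}, nil, err
	}
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key, Leaf: leaf}, leaf, nil
}

// Negotiated is what the client learned once the handshake completed.
type Negotiated struct {
	Version     string // "TLS 1.3" or "TLS 1.2"
	CipherSuite string // e.g. "TLS_AES_128_GCM_SHA256"
	Subject     string // CN of the server certificate the client verified
}

func versionName(v uint16) string {
	switch v {
	case tls.VersionTLS13:
		return "TLS 1.3"
	case tls.VersionTLS12:
		return "TLS 1.2"
	default:
		return fmt.Sprintf("0x%04x", v)
	}
}

// handshake runs one full handshake over loopback TCP. The server presents
// serverCert; the client trusts only roots and requires the certificate to be
// valid for serverName. Any verification failure is returned as an error from
// the client's Handshake call, before any application data could flow.
func handshake(serverCert tls.Certificate, roots *x509.CertPool, serverName string) (*Negotiated, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return nil, err
	}
	defer ln.Close()

	serverErr := make(chan error, 1) // buffered: the goroutine never blocks on send
	go func() {
		raw, err := ln.Accept()
		if err != nil {
			serverErr <- err
			return
		}
		defer raw.Close()
		srv := tls.Server(raw, &tls.Config{Certificates: []tls.Certificate{serverCert}})
		serverErr <- srv.Handshake() // completes when the client's Finished arrives
	}()

	raw, err := net.Dial("tcp", ln.Addr().String())
	if err != nil {
		return nil, err
	}
	defer raw.Close()
	client := tls.Client(raw, &tls.Config{RootCAs: roots, ServerName: serverName, MinVersion: tls.VersionTLS12})
	if err := client.Handshake(); err != nil {
		return nil, err // certificate/version mismatch surfaces here
	}
	if err := <-serverErr; err != nil {
		return nil, err
	}
	st := client.ConnectionState()
	return &Negotiated{
		Version:     versionName(st.Version),
		CipherSuite: tls.CipherSuiteName(st.CipherSuite),
		Subject:     st.PeerCertificates[0].Subject.CommonName,
	}, nil
}

// TrustedHandshake: the client's root pool contains the server's certificate.
func TrustedHandshake() (*Negotiated, error) {
	cert, leaf, err := newSelfSigned(serverName)
	if err != nil {
		return nil, err
	}
	roots := x509.NewCertPool()
	roots.AddCert(leaf)
	return handshake(cert, roots, serverName)
}

// UntrustedHandshake: the server presents a certificate for the right name but
// issued under a key the client has no root for. The client must refuse it.
func UntrustedHandshake() error {
	cert, _, err := newSelfSigned(serverName)
	if err != nil {
		return err
	}
	_, otherRoot, err := newSelfSigned(serverName) // unrelated cert, same name
	if err != nil {
		return err
	}
	roots := x509.NewCertPool()
	roots.AddCert(otherRoot)
	_, err = handshake(cert, roots, serverName)
	return err
}

func main() {
	n, err := TrustedHandshake()
	fmt.Printf("trusted root: %+v err=%v\n", n, err)
	fmt.Println("untrusted root:", UntrustedHandshake())
}
```

With a current Go toolchain the trusted run negotiates TLS 1.3 and reports the verified subject `example.test`; the untrusted run fails with an "unknown authority" error from the client, and the server never receives a client Finished message. Setting `MinVersion` on the client is the usual defensive configuration: it turns an attempt to negotiate an obsolete protocol version into a handshake failure rather than a downgraded connection.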