ExpressVPN Glossary

TLS handshake

What is a TLS handshake?

A Transport Layer Security (TLS) handshake is the process of establishing a connection secured by TLS. It negotiates the encryption parameters that support secure communication between a client (such as a web browser) and a server (like one hosting a website).

How does a TLS handshake work?

In TLS 1.3 (the latest version), handshakes can be broken down into several steps:

  1. The client sends a Hello message that includes a list of the cipher suites it supports.
  2. The server responds with its own Hello and its choice of cipher suite.
  3. The server sends an EncryptedExtensions message, which may carry additional security parameters.
  4. The server shares its certificate, which the client verifies to confirm that it is talking to the genuine server rather than an impostor.
  5. Both sides independently derive shared session keys from the key exchange material carried in the Hello messages.
  6. Both sides send encrypted Finished messages, confirming that the connection is secure.

[Figure: A visual overview of the steps involved in TLS 1.3 handshakes.]

These steps apply to new connections only. When re-establishing contact between a client and server that have spoken before, a feature called zero round-trip time (0-RTT) facilitates data transfer immediately following the exchange of Hello messages. Data sent this way (early data) can be replayed by an attacker who captures it, so servers should only accept it for requests that are safe to repeat.

Why is the TLS handshake important?

By establishing a connection between a client and server and arranging encryption, TLS handshakes allow for secure communication. The encryption prevents third parties from reading or tampering with data, even if they manage to intercept it. The sharing and verification of the server’s certificate also show the client that it's connected to a legitimate website, app, or API.

Without TLS handshakes, HTTPS would not be possible. A key foundation of the modern web, HTTPS is used for everyday browsing and many other activities. TLS handshakes also play a role in various protocols that facilitate secure email, messaging, and file transfer.

Common TLS handshake errors and causes

From firewall interference to corrupted certificates, various issues can prevent clients and servers from establishing a secure connection. Common error alerts include:

Hostname mismatch: the server's certificate does not match the domain name the client asked for.
Expired or revoked certificate: the SSL/TLS certificate has passed its expiry date or has been invalidated by its issuer.
Protocol/cipher suite mismatch: the client and server share no common cipher suite, or one side requires a TLS version the other does not support.
Incorrect system time: the device clock is inaccurate, making valid certificates appear expired or not yet active.
Untrusted certificate authority (CA): the certificate chain leads to a root CA that the client does not trust.
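
The handshake steps above and three rows of the error table, exercised end to end in added example code that is not part of this glossary entry: a Go client and server (standard library only) complete a TLS 1.3 handshake over loopback TCP using a constructed self-signed certificate, and the client accepts it only when the hostname, the validity period and the trust store all check out. The host name vpn.example.test and the certificate itself are constructed test material.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"net"
	"time"
)

// selfSigned mints a throwaway self-signed server certificate for host plus a
// trust store holding only it (constructed test material, not a real CA's).
func selfSigned(host string, notBefore, notAfter time.Time) (tls.Certificate, *x509.CertPool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: host},
		DNSNames: []string{host}, NotBefore: notBefore, NotAfter: notAfter,
	}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	leaf, _ := x509.ParseCertificate(der)
	pool := x509.NewCertPool()
	pool.AddCert(leaf) // the client will trust exactly this certificate
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, pool
}

// Handshake runs a TLS 1.3 handshake over loopback: the server presents cert, the
// client trusts roots and expects serverName. It returns the negotiated cipher
// suite, or the verification error that made the client abort the handshake.
func Handshake(cert tls.Certificate, roots *x509.CertPool, serverName string) (string, error) {
	ln, err := net.Listen("tcp", "127.0.0.1:0")
	if err != nil {
		return "", err
	}
	defer ln.Close()
	go func() { // server: Hello, EncryptedExtensions, Certificate, Finished, then hang up
		if conn, err := ln.Accept(); err == nil {
			_ = tls.Server(conn, &tls.Config{Certificates: []tls.Certificate{cert}, MinVersion: tls.VersionTLS13}).Handshake()
			conn.Close()
		}
	}()
	// Client: Dial sends the Hello, verifies certificate chain and hostname, derives keys.
	cli, err := tls.Dial("tcp", ln.Addr().String(), &tls.Config{RootCAs: roots, ServerName: serverName, MinVersion: tls.VersionTLS13})
	if err != nil {
		return "", err
	}
	defer cli.Close()
	return tls.CipherSuiteName(cli.ConnectionState().CipherSuite), nil
}
```

An expired certificate and a wrong client clock surface as the same verification error, which is why the error table lists both causes: the client cannot tell them apart from the handshake alone.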

TLS vs. SSL: What’s the difference?

Secure Sockets Layer (SSL) once filled much the same role that TLS does today but is now deprecated due to security vulnerabilities and performance issues. The handshake process for both protocols is broadly similar, but TLS is generally much faster and uses more advanced cipher algorithms. The newest version (TLS 1.3) also benefits from features like mandated perfect forward secrecy (PFS) and more secure key exchange methods.

TLS handshake and VPN encryption

Some virtual private network (VPN) protocols, such as OpenVPN, use TLS handshakes in the control channel to authenticate the server and negotiate session keys for the data channel, which is secured by other means. Other protocols rely on different methods to provide reliable authentication.

FAQ

What happens during a TLS handshake?

During a Transport Layer Security (TLS) handshake, the client and server communicate to set up a secure connection. After exchanging Hello messages, the server sends its digital certificate, which the client then authenticates. Once verified, both sides generate session keys, allowing encrypted data transfer to begin.

What causes a TLS handshake failure?

A Transport Layer Security (TLS) handshake can fail when a problem prevents the client and server from establishing a secure connection. Common causes include a certificate mismatch, protocol incompatibility, or an incorrect system time on the device.

Is TLS the same as SSL?

Secure Sockets Layer (SSL) is an older protocol that has been deprecated due to security flaws. Transport Layer Security (TLS) serves as a replacement that provides stronger encryption and improved performance.

How does the TLS handshake protect your privacy?

The Transport Layer Security (TLS) handshake ensures that the data exchanged between a client and a server is encrypted while in transit. By facilitating the negotiation of cipher suites and exchange of keys, TLS handshakes support encrypted connections. This, in turn, prevents third parties from reading or tampering with data as it travels between client devices and servers. Given that private information is often shared over networks, TLS adds a vital layer of security.