TLS-Style Handshake Overview

How your browser and a server agree on keys and algorithms before using symmetric encryption.

Difficulty: Advanced

How it works

  1. When you open an HTTPS website, your browser and the server first perform a handshake to agree on supported algorithms and establish shared keys.
  2. The server proves its identity using a certificate and a public-key signature scheme (often RSA or an elliptic-curve signature).
  3. Key agreement (such as ECDHE) lets both sides compute a shared secret that becomes the basis for symmetric keys without ever sending the secret directly.
  4. Once keys are established, the connection switches to fast authenticated encryption like AES-GCM or ChaCha20-Poly1305 for all application data.
  5. Studying the handshake helps you connect individual algorithms – RSA, AES, hash functions, MACs – into a complete real-world security protocol.
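The steps above can be traced end to end with Node's built-in `crypto` module. This is an added example, not code from the original page, and it is a simplified model rather than the TLS wire protocol: the function names, the HKDF label, the single-call key schedule and the Ed25519 identity key standing in for a CA-signed certificate are all assumptions made for illustration.

```javascript
const crypto = require("node:crypto");

// Constructed long-term server identity key. Real TLS delivers the public half
// in a CA-signed certificate; this demo assumes the client already trusts it.
const serverIdentity = crypto.generateKeyPairSync("ed25519");
const der = (key) => key.export({ type: "spki", format: "der" });

// Simplified key schedule (assumption): one HKDF-SHA256 call bound to the transcript.
const deriveKey = (secret, transcript) => Buffer.from(crypto.hkdfSync(
  "sha256", secret, crypto.createHash("sha256").update(transcript).digest(),
  "demo client->server key", 32));

function runHandshake({ tamperWithServerShare = false } = {}) {
  // Step 3 of the list: both sides create ephemeral X25519 keys (the "E" in ECDHE).
  const client = crypto.generateKeyPairSync("x25519");
  const server = crypto.generateKeyPairSync("x25519");
  const clientShare = der(client.publicKey);
  let serverShare = der(server.publicKey);

  // Step 2: the server signs both key shares with its identity key.
  const signature = crypto.sign(
    null, Buffer.concat([clientShare, serverShare]), serverIdentity.privateKey);

  // Failure case: the share is replaced in transit, so it no longer matches the signature.
  if (tamperWithServerShare) serverShare = der(crypto.generateKeyPairSync("x25519").publicKey);

  // The client verifies the signature over the shares it actually received.
  const transcript = Buffer.concat([clientShare, serverShare]);
  if (!crypto.verify(null, transcript, serverIdentity.publicKey, signature)) {
    return { ok: false, reason: "server signature does not cover received key share" };
  }

  // Each side combines its own private key with the peer's public share.
  const peer = crypto.createPublicKey({ key: serverShare, format: "der", type: "spki" });
  const clientKey = deriveKey(
    crypto.diffieHellman({ privateKey: client.privateKey, publicKey: peer }), transcript);
  const serverKey = deriveKey(
    crypto.diffieHellman({ privateKey: server.privateKey, publicKey: client.publicKey }), transcript);

  // Step 4: application data is protected with AES-256-GCM under the derived key.
  const iv = crypto.randomBytes(12);
  const enc = crypto.createCipheriv("aes-256-gcm", clientKey, iv);
  const ciphertext = Buffer.concat([enc.update("GET / HTTP/1.1\r\n\r\n"), enc.final()]);
  const dec = crypto.createDecipheriv("aes-256-gcm", serverKey, iv);
  dec.setAuthTag(enc.getAuthTag());
  const plaintext = Buffer.concat([dec.update(ciphertext), dec.final()]).toString();
  return { ok: true, keysMatch: clientKey.equals(serverKey), plaintext };
}
```

Calling `runHandshake()` returns matching keys and the decrypted request, while `runHandshake({ tamperWithServerShare: true })` stops at signature verification, which is why the key agreement has to be authenticated by the server's signature.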


What is it?

The Transport Layer Security (TLS) handshake is the cryptographic protocol that secures nearly all internet traffic today (it is the 's' in 'https'). When your browser connects to a secure website, the handshake completes in milliseconds. The server proves its identity using a digital certificate (often signed with RSA or ECC). The browser and server then agree on a cipher suite and securely establish a symmetric session key (using methods like Elliptic Curve Diffie-Hellman). Finally, all subsequent web traffic is encrypted using an authenticated cipher like AES-GCM.

Try it yourself

Can you decrypt this challenge?

VHVY GUVF ZRNGL (example ciphertext)

Where this shows up today

TLS is used to guarantee privacy, data integrity, and authentication between a client and a server across the public internet.