tls_handshake
// Deep-dive into TLS 1.3 and 1.2 — every packet, every key, every state change
What is TLS?
TLS (Transport Layer Security) is the cryptographic protocol behind the padlock in your browser. It wraps any TCP connection in a secure channel, providing confidentiality, integrity, and authentication.
TLS 1.2 vs TLS 1.3 comparison

| Feature | TLS 1.2 (2008) | TLS 1.3 (2018, RFC 8446) |
|---|---|---|
| Round trips | 2 RTT before data | 1 RTT before data |
| Key exchange | RSA or DHE/ECDHE | ECDHE only (mandatory) |
| RSA key exchange | No forward secrecy | Removed entirely |
| Server cert | Sent unencrypted | Encrypted in flight |
| Cipher suites | 37 suites, many weak | 5 suites, all strong |
| 0-RTT resumption | Not supported | Supported (PSK) |
| HMAC/PRF | SHA-256/384 | HKDF (RFC 5869) |