The TLS 1.3 Protocol

The following figure shows the sequence of messages for the full TLS handshake.

This image is described in the following text.
  1. Key exchange:
    1. The client sends a ClientHello message to server.
    2. The server processes the ClientHello message and determines the appropriate cryptographic parameters for the connection. It then responds with its own ServerHello message, which indicates the negotiated connection parameters. For TLS 1.3, the ServerHello message determines the key and cipher options only. Other handshake parameters may be determined later.
  2. Server parameters: The server sends two messages to establish server parameters:
    • EncryptedExtensions: This message contains responses to ClientHello extensions that are not required to determine the cryptographic parameters, other than those that are specific to individual certificates.
    • CertificateRequest (optional): If certificate-based client authentication is desired, then the server sends this message, which contains the desired parameters for that certificate. This message is omitted if client authentication is not desired.
  3. Authentication:
    1. The server sends these authentication messages:
      • Certificate (optional): This message contains the authentication certificate and any other supporting certificates in the certificate chain. This message is omitted if the server is not authenticating with a certificate.

        Note: The Certificate message can contain a raw key instead of a certificate.

      • CertificateVerify (optional): This message contains a signature over the entire handshake using the private key corresponding to the public key in the Certificate message. This message is omitted if the server is not authenticating with a certificate.
      • Finished: a MAC (Message Authentication Code) over the entire handshake.
    2. The client responds with its own Certificate, CertificateVerify, and Finished messages. The Certificate message is omitted if the server did not send a CertificateRequest message. The CertificateVerify message is omitted if the client is not authenticating with a certificate.
    The client and server can now securely send application data to each other.