Last Updated: 2023-01-15

TLS uses a combination of symmetric and asymmetric cryptography, as this provides a good compromise between performance and security when transmitting data securely.

  • asymmetric: TLS uses asymmetric cryptography for securely generating and exchanging a session key.
  • symmetric: The session key is then used for encrypting the data transmitted by one party, and for decrypting the data received at the other end. Once the session is over, the session key is discarded.


  • The client hello message: The client initiates the handshake by sending a "hello" message to the server. The message will include which TLS version the client supports, the cipher suites supported, and a string of random bytes known as the "client random."
  • The server hello message: In reply to the client hello message, the server sends a message containing the server's SSL certificate, the server's chosen cipher suite, and the "server random," another random string of bytes that's generated by the server.
  • Authentication: The client verifies the server's SSL certificate with the certificate authority that issued it. This confirms that the server is who it says it is, and that the client is interacting with the actual owner of the domain.
  • The premaster secret: The client sends one more random string of bytes, the "premaster secret." The premaster secret is encrypted with the public key and can only be decrypted with the private key by the server. (The client gets the public key from the server's SSL certificate.)
  • Private key used: The server decrypts the premaster secret.
  • Session keys created: Both client and server generate session keys from the client random, the server random, and the premaster secret. They should arrive at the same results.
  • Client is ready: The client sends a "finished" message that is encrypted with a session key.
  • Server is ready: The server sends a "finished" message encrypted with a session key.
  • Secure symmetric encryption achieved: The handshake is completed, and communication continues using the session keys.