TCP Handshake vs TLS Handshake: Order of Operations

by

Introduction:

Think of visiting a website like meeting someone for the first time. Before you can have a meaningful conversation, you need to find them and establish a basic connection — that’s what the TCP handshake does. It sets up a reliable pathway for information to travel between you and the server. Only once that connection is in place can you begin a secure, private conversation — and that’s where the TLS handshake comes in. These steps always happen in this order: connection first, security second. It’s a bit like building a road before installing security cameras along it. In this article, we’ll explore why this sequence is essential and how these digital handshakes work together to make our online experiences both seamless and safe.

The TCP (Transmission Control Protocol) handshake always happens first, before the TLS (Transport Layer Security) handshake can begin. This follows the networking protocol stack order:

Sequence of Events

TCP Handshake (Transport Layer — Layer 4)

TCP Handshake (Transmission Control Protocol) This is the first step in establishing a connection between your device and a web server. It uses a three-way handshake process:

  • Client sends SYN packet
  • Server responds with SYN-ACK
  • Client sends ACK
  • Result: TCP connection established

TLS Handshake (Application Layer — Layer 7)

  • Only begins after TCP connection is established
  • Client sends “Client Hello” message
  • Server responds with “Server Hello” and certificate
  • Key exchange and cipher negotiation occurs
  • Result: Encrypted tunnel established over the TCP connection

Why This Order?

TLS operates at a higher layer in the network stack than TCP. Since TLS messages are transmitted through TCP packets, a stable TCP connection must be established first to carry the TLS handshake messages.

This is why when you access an HTTPS site (which uses TLS), the TCP handshake is always completed before the TLS negotiation begins. The entire process typically takes milliseconds but includes both handshakes happening in sequence, not in parallel.

Example: What Happens When You Type “subbutechops.com” in Your Browser

Let’s walk through the exact sequence when you visit a website like “subbutechops.com”:

Step 0: DNS Lookup

When you type “subbutechops.com” and press Enter:

  1. Your browser needs to find where this website is located
  2. Browser asks your DNS (Domain Name System) server: “What’s the IP address for subbutechops.com?”
  3. DNS server responds: “It’s at 203.0.113.42” (example IP)
  4. Now your browser knows where to connect

Step 1: TCP Handshake

Your browser establishes a basic connection with the web server:

  1. SYN: Browser sends to server
  • “Hi subbutechops.com, I’d like to connect to port 443 (HTTPS port)”
  • Contains random sequence number: 9301

2. SYN-ACK: Server responds to browser

  • “Yes, I’m ready to connect”
  • Acknowledges browser’s sequence number (9301+1)
  • Sends its own sequence number: 5104

3. ACK: Browser responds to server

  • “Great! Connection established”
  • Acknowledges server’s sequence number (5104+1)

Result: Basic connection pipe is now established between your browser and subbutechops.com

Step 2: TLS Handshake

Now that a connection exists, your browser and the server secure it:

  1. Client Hello: Browser sends to server
  • “I support TLS 1.3, 1.2, and these encryption methods…”
  • Includes random value and supported cipher suites

2. Server Hello + Certificate: Server responds

  • “Let’s use TLS 1.3 with AES-256 encryption”
  • “Here’s my SSL certificate proving I’m subbutechops.com”
  • Certificate contains server’s public key and is signed by a trusted authority

3. Key Exchange: Browser validates and responds

  • Browser checks certificate against trusted authorities
  • Browser creates a session key and encrypts it with server’s public key
  • “Let’s use this encrypted key for our communication”

4. Finished: Server completes setup

  • Both sides now have the same secure session keys
  • “Encryption established; we can now talk securely”

Result: A secure, encrypted HTTPS connection is now established

Step 3: HTTP Communication

With the secure connection in place:

  1. Browser sends an encrypted HTTP request: “GET /index.html”
  2. Server responds with the encrypted webpage content
  3. Browser displays the subbutechops.com website

Why This Matters

This multi-step process happens in milliseconds but provides several important benefits:

  1. TCP Connection: Ensures reliable data transfer without loss
  2. TLS Security: Prevents eavesdropping and confirms you’re talking to the real website

When you see the padlock icon in your browser, it indicates both these handshakes were completed successfully, and your connection to subbutechops.com is secure.

Conclusion:

The way TCP and TLS work together shows us something important about how the internet is built: before anything can be secure, it needs to be reliable. TCP makes sure your data reaches its destination without getting lost, while TLS wraps that data in protective layers to keep it private. This happens in milliseconds every time you visit a website, yet it’s a fascinating dance of protocols that protect everything from your casual browsing to your most sensitive online transactions. Understanding this order helps us appreciate the careful design behind our everyday internet experiences. The next time you see that little padlock in your browser, remember the invisible handshakes that made it possible — first connecting, then protecting.

For more insights into the world of technology and data, visit subbutechops.com. There’s plenty of exciting content waiting for you to explore!

Thank you for reading, and happy learning! 🚀

Leave a Comment

“Learning never exhausts the mind.” – Leonardo da Vinci

Quick Links

Categories

Contact us

Phone:- +91 9381748245

Email:- subbutechops@gmail.com