Security Ronin
Author: 法證黑客 Albert Hui
linktr.ee/4n6h4x0r

TLS 1.3 Handshake

Interactive step-by-step visualisation

1. ClientHello
2. ServerHello
3. Certificate
4. Client Finished
5. App Data
6. Complete
Key Exchange
Authentication
Encryption
Integrity
💻
Client
192.168.1.10
Cipher suites, ECDHE key share, nonce
🏦
Server
93.184.216.34
🦈 Packet Capture
No. Time Source Destination Protocol Info
1 0.000 192.168.1.10 93.184.216.34 TLSv1.3 Client Hello
2 0.023 93.184.216.34 192.168.1.10 TLSv1.3 Server Hello, Change Cipher Spec
3 0.024 93.184.216.34 192.168.1.10 TLSv1.3 Application Data
4 0.025 192.168.1.10 93.184.216.34 TLSv1.3 Application Data
5 0.030 192.168.1.10 93.184.216.34 TLSv1.3 Application Data
6 0.052 93.184.216.34 192.168.1.10 TLSv1.3 Application Data
Under The Hood

Key Phase
Transport Job
Payload Job
TLS 1.3 encrypts everything after ServerHello — without the session keys, packets 3-6 appear as opaque "Application Data."
Step 1
Client sends ClientHello with supported cipher suites, an ECDHE key share, and a random nonce.
Connection secure

What-If Scenarios

Certificate & Auth Failures
Privacy & Extensions
Active Attacks
TLS 1.2 Downgrade