Security Ronin
Author: 法證黑客 Albert Hui
linktr.ee/4n6h4x0r

TLS 1.3 Handshake

Interactive step-by-step visualisation

1. ClientHello
2. ServerHello
3. Certificate
4. Client Finished
5. App Data
6. Complete
Key Exchange
Authentication
Encryption
Integrity
Client: 192.168.1.10
Server: 93.184.216.34
Client → Server: Cipher suites, ECDHE key share, nonce
Packet Capture

No.  Time   Source         Destination    Protocol  Info
1    0.000  192.168.1.10   93.184.216.34  TLSv1.3   Client Hello
2    0.023  93.184.216.34  192.168.1.10   TLSv1.3   Server Hello, Change Cipher Spec
3    0.024  93.184.216.34  192.168.1.10   TLSv1.3   Application Data
4    0.025  192.168.1.10   93.184.216.34  TLSv1.3   Application Data
5    0.030  192.168.1.10   93.184.216.34  TLSv1.3   Application Data
6    0.052  93.184.216.34  192.168.1.10   TLSv1.3   Application Data
TLS 1.3 encrypts everything after ServerHello — without the session keys, packets 3-6 appear as opaque "Application Data."
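
Why packets 3-6 carry only the "Application Data" label, as an added example that is not part of the original page: a passive observer can read just the 5-byte cleartext record header, and TLS 1.3 gives every encrypted record the outer content type 23. The payloads below are constructed filler and the function names are illustrative.

```python
import os
import struct

CONTENT_TYPES = {20: "Change Cipher Spec", 21: "Alert", 22: "Handshake", 23: "Application Data"}
HANDSHAKE_TYPES = {1: "Client Hello", 2: "Server Hello"}

def record(content_type, fragment):
    """Build a TLS record: type(1) | legacy_record_version(2) | length(2) | fragment."""
    return struct.pack("!BHH", content_type, 0x0303, len(fragment)) + fragment

def handshake(msg_type, body):
    """Build a handshake message: msg_type(1) | length(3) | body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def describe_records(data):
    """Label each record in one TCP payload using only what is visible without keys."""
    labels, offset = [], 0
    while offset < len(data):
        if len(data) - offset < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", data, offset)
        fragment = data[offset + 5 : offset + 5 + length]
        if len(fragment) != length:
            raise ValueError("truncated record body")
        label = CONTENT_TYPES.get(ctype, f"Unknown ({ctype})")
        # Only plaintext handshake records expose the message type in their first byte.
        # For type 23 the real type is inside the ciphertext, so the label stays generic.
        if ctype == 22 and fragment:
            label = HANDSHAKE_TYPES.get(fragment[0], f"Handshake type {fragment[0]}")
        labels.append(label)
        offset += 5 + length
    return labels

def sample_capture():
    """Constructed payloads mirroring packets 1-6 of the capture above (bodies are filler)."""
    def encrypted(n):
        return record(23, os.urandom(n))  # stands in for AEAD ciphertext
    return [
        record(22, handshake(1, b"\x00" * 64)),
        record(22, handshake(2, b"\x00" * 48)) + record(20, b"\x01"),
        encrypted(900), encrypted(74), encrypted(120), encrypted(300),
    ]

def summarize():
    """Return the Info column an observer without session keys can produce."""
    return [", ".join(describe_records(payload)) for payload in sample_capture()]

if __name__ == "__main__":
    for number, info in enumerate(summarize(), 1):
        print(number, info)
```
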
Root CA (trusted anchor)
  Intermediate CA
    Leaf Certificate (server)
Step 1
Client sends ClientHello with supported cipher suites, an ECDHE key share, and a random nonce.

What-If Scenarios