
HTTP vs HTTPS - TLS Handshake & Certificate Chain


Client sends ClientHello

The client initiates the TLS handshake by sending a ClientHello message to the server. This message includes supported TLS versions, cipher suites, and a random nonce.

💡 This step starts the secure connection setup, signaling the client's capabilities and intent to establish a secure session.
Line: send(ClientHello)
💡 The handshake begins with the client proposing security parameters.
Watching the TLS handshake step-by-step reveals the sequence and purpose of each message, clarifying how HTTPS secures HTTP communication.
Client: 192.168.1.2:52345. Server: 93.184.216.34:443. Protocol for every packet: TLS.

Hop 1: ClientHello (client → server)
Status: ClientHello sent, handshake started
Payload: TLS versions, cipher suites, random nonce

Hop 2: ServerHello (server → client)
Status: ServerHello sent, parameters agreed
Payload: selected TLS 1.2, AES_256_GCM, random nonce

Hop 3: Certificate (server → client)
Status: Certificate sent, client can verify server identity
Payload: server public key, CA signature

Hop 4: ServerHelloDone (server → client)
Status: ServerHelloDone sent, client to respond

Hop 5: Verify Certificate (client → client, no network addresses)
Status: Certificate verified successfully
Payload: certificate verification

Hop 6: ClientKeyExchange (client → server)
Status: ClientKeyExchange sent, key material shared
Payload: encrypted pre-master secret

Hop 7: ChangeCipherSpec (client → server)
Status: Client switched to encrypted communication

Hop 8: Finished (client → server)
Status: Client Finished message sent
Payload: encrypted handshake hash

Hop 9: ChangeCipherSpec (server → client)
Status: Server switched to encrypted communication

Hop 10: Finished (server → client)
Status: Server Finished message sent, handshake complete
Payload: encrypted handshake hash

Hop 11: no packet
Status: TLS handshake complete, secure connection established
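
How the values from hops 1, 2 and 6 become the "handshake hash" carried in the Finished messages of hops 8 and 10, as an added example that is not part of the original page. It uses the TLS 1.2 PRF from RFC 5246 with SHA-384 (assuming the AES_256_GCM suite is a ..._SHA384 one); the random values, pre-master secret and message bytes are constructed placeholders, not real wire data.

```python
import hashlib
import hmac

HASH = hashlib.sha384  # assumption: AES_256_GCM_SHA384 suite, so the TLS 1.2 PRF uses SHA-384

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246 section 5: chained HMACs over the seed."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, HASH).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, HASH).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_hash(secret, label + seed, length)

def master_secret(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # Both nonces (hops 1 and 2) are mixed in, so a replayed handshake derives different keys.
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def finished_verify_data(master: bytes, sender: str, transcript: list) -> bytes:
    # Finished carries 12 bytes of PRF output over the hash of all handshake messages so far.
    digest = HASH(b"".join(transcript)).digest()
    return prf(master, sender.encode() + b" finished", digest, 12)

def check_finished(master: bytes, sender: str, transcript: list, received: bytes) -> bool:
    # Constant-time comparison of the locally computed value with the one received.
    return hmac.compare_digest(finished_verify_data(master, sender, transcript), received)

# Constructed sample values standing in for the messages of hops 1-6 (not real wire bytes).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
PRE_MASTER = b"\x03\x03" + bytes(46)  # client version + 46 bytes; all-zero only for the demo
TRANSCRIPT = [b"ClientHello:TLS1.2,TLS1.1|AES_256_GCM,AES_128_GCM",
              b"ServerHello:TLS1.2|AES_256_GCM",
              b"Certificate", b"ServerHelloDone", b"ClientKeyExchange"]

if __name__ == "__main__":
    ms = master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    client_fin = finished_verify_data(ms, "client", TRANSCRIPT)
    # Server-side view in which the ClientHello was altered in transit (one offer stripped).
    tampered = [TRANSCRIPT[0].replace(b"AES_256_GCM,", b"")] + TRANSCRIPT[1:]
    print("untampered accepted:", check_finished(ms, "client", TRANSCRIPT, client_fin))
    print("tampered accepted:  ", check_finished(ms, "client", tampered, client_fin))
```

ChangeCipherSpec is not a handshake message and is left out of the hashed transcript; in a real handshake the server's Finished additionally covers the client's Finished message.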

Key Takeaways

TLS handshake is a multi-step protocol that establishes trust and encryption before any application data is sent.

Reading code alone hides the sequence and purpose of each message; visualization clarifies the flow and dependencies.

Certificate exchange and verification are critical for authenticating the server and preventing man-in-the-middle attacks.

Visualizing certificate transmission and verification highlights their role in security, which is often abstracted in code.

ChangeCipherSpec messages mark the transition to encrypted communication, ensuring both sides switch synchronously.

Seeing these messages explicitly helps understand how encryption activation is coordinated.