TLS Handshake Analyzer
Analyze TLS/SSL handshake timing and certificate exchange details
Example Hosts
Handshake Analysis
About TLS Handshakes
What is a TLS Handshake?
The TLS handshake is the process where a client and server establish a secure connection by negotiating encryption parameters, verifying identities, and exchanging keys. This process happens before any application data is transmitted.
TLS Protocol Versions
- TLS 1.3 (Current): Fastest and most secure, 1-RTT handshake
- TLS 1.2 (Legacy): Widely supported, 2-RTT handshake
- TLS 1.1 / 1.0 (Deprecated): Outdated and vulnerable
- SSLv3 (Insecure): Severely compromised by POODLE
Performance Factors
- Network Latency: Round-trip time (RTT) multiplied by number of handshake round trips
- Certificate Chain Length: Longer chains require more validation and transfer time
- Key Exchange Algorithm: ECDHE is faster than RSA key exchange
- TLS Version: TLS 1.3 requires only 1 RTT vs 2 RTT for TLS 1.2
- Server Performance: Modern servers handle cryptographic operations efficiently
Handshake Optimization
- TLS Session Resumption: Reduces handshake to 0-RTT or 1-RTT
- OCSP Stapling: Eliminates client OCSP lookup latency
- Certificate Chain Optimization: Reduces data transfer and validation time
Quick Tips
- TLS 1.3 handshakes are roughly 50% faster than TLS 1.2
- Session resumption can eliminate handshake latency for repeat connections
- Network latency is the biggest factor in handshake time
- ECDHE key exchange provides forward secrecy and good performance
- Certificate chain should ideally be 2-3 certificates maximum
- OCSP stapling eliminates additional round trips for revocation checks
- Modern cipher suites like AES-GCM offer both speed and security