How HTTPS Secures Your Connection: From TCP Handshake to TLS Encryption
HTTPS combines HTTP with SSL/TLS encryption to protect data transmission, involving DNS lookup, TCP three‑way handshake, TLS negotiation with certificates and symmetric keys, and finally encrypted HTTP communication, while the article also explains TCP’s four‑way termination and the overall request‑response flow.
What is HTTPS?
HTTPS (HyperText Transfer Protocol Secure) is HTTP carried over an SSL/TLS connection, with the server identified by an SSL/TLS certificate, ensuring confidentiality, integrity, and authenticity of data transferred over the network.
How HTTP and HTTPS connections are established
1. Establishing the connection
When a user enters a URL, the browser resolves the domain via DNS cache, local DNS, hosts file, or DNS server to obtain the IP address. Then a TCP three‑way handshake creates a reliable connection.
2. TCP three‑way handshake
1) Client sends SYN. 2) Server replies with SYN‑ACK. 3) Client sends ACK, and the connection enters ESTABLISHED state.
3. TCP four‑way termination
1) Client sends FIN. 2) Server acknowledges with ACK. 3) Server sends its own FIN. 4) Client acknowledges with ACK, closing the connection.
4. HTTP request flow
Client sends a request after the TCP connection is established.
Server processes the request and returns a response.
Client receives and renders the response for the user.
HTTPS handshake and encryption process
HTTPS requires the server to be configured with a valid SSL/TLS certificate. The handshake proceeds as follows:
Client sends a ClientHello containing supported cipher suites.
Server replies with ServerHello, selecting a cipher suite and providing its digital certificate.
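Client verifies the certificate against the Certificate Authorities (CAs) it trusts and extracts the server's public key.
Client generates a random pre‑master secret, encrypts it with the server's public key, and sends it to the server. This is the RSA key exchange of TLS 1.2 and earlier; TLS 1.3 removed it and uses ephemeral Diffie‑Hellman instead.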
Both parties derive symmetric session keys from the pre‑master secret.
Client and server exchange Finished messages, confirming that encryption parameters are agreed.
After this TLS negotiation, HTTP data is encrypted with the symmetric keys, providing confidentiality and integrity.
Why SSL/TLS certificates are essential
Deploying an SSL/TLS certificate protects data in transit from eavesdropping and tampering, safeguarding user privacy and corporate information. In China, only three CA institutions meet the international WebTrust standard, ensuring reliable global certification services.
21CTO
21CTO (21CTO.com) offers developers community, training, and services, making it your go‑to learning and service platform.
