Overview

The full TLS handshake (TLS 1.2, RFC 5246) is the exchange shown in How SSL-TLS Works. It looks like this:
Client                                               Server

ClientHello                  -------->
                                                ServerHello
                                               Certificate*
                                         ServerKeyExchange*
                                        CertificateRequest*
                             <--------      ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished                     -------->
                                         [ChangeCipherSpec]
                             <--------             Finished
Application Data             <------->     Application Data

The asterisk marks messages that are optional or situation-dependent and are not always sent.

Static RSA key exchange, in which ClientKeyExchange carries the premaster secret encrypted under the server's RSA public key, is no longer supported in TLS 1.3. Every TLS 1.3 full handshake therefore starts from an ephemeral (Elliptic-Curve) Diffie-Hellman exchange and provides forward secrecy: a later compromise of the server's long-term private key does not expose previously recorded sessions.
Another important change is the removal of the ChangeCipherSpec protocol (a TLS 1.3 endpoint may still emit a dummy change_cipher_spec record in middlebox compatibility mode, but it carries no meaning). ClientHello and ServerHello remain in the clear; every handshake message after ServerHello (EncryptedExtensions, Certificate, CertificateVerify, Finished) is encrypted under handshake traffic keys derived from the ephemeral (EC)DHE shared secret. This shuts out a passive attacker, who can no longer read the server certificate or the negotiated extensions from a captured handshake; an active attacker can still obtain the server certificate simply by running its own handshake.
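The secret that protects everything after ServerHello is not the raw (EC)DHE output but traffic keys derived from it through the TLS 1.3 key schedule (RFC 8446 section 7.1). The following Python is an added example, not code from the original page: it implements HKDF-Extract, HKDF-Expand-Label and Derive-Secret over SHA-256 and derives the client and server handshake traffic keys and IVs for TLS_AES_128_GCM_SHA256. The shared secret and the ClientHello..ServerHello transcript fed to it are constructed placeholders, not real protocol bytes.

```python
import hashlib
import hmac
import struct
from typing import Dict

# TLS_AES_128_GCM_SHA256: HKDF over SHA-256, 16-byte AEAD key, 12-byte IV.
HASH = hashlib.sha256
HASH_LEN = HASH().digest_size


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869); an empty salt means Hash.length zero bytes."""
    return hmac.new(salt or bytes(HASH_LEN), ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(PRK, T(i-1) || info || i)."""
    out, block, i = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([i]), HASH).digest()
        out += block
        i += 1
    return out[:length]


def hkdf_label(length: int, label: bytes, context: bytes) -> bytes:
    """HkdfLabel from RFC 8446 section 7.1: uint16 length,
    opaque label<7..255> = "tls13 " + label, opaque context<0..255>."""
    full_label = b"tls13 " + label
    return (struct.pack("!H", length) + bytes([len(full_label)]) + full_label
            + bytes([len(context)]) + context)


def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    return hkdf_expand(secret, hkdf_label(length, label, context), length)


def derive_secret(secret: bytes, label: bytes, transcript: bytes) -> bytes:
    """Derive-Secret: the context is the transcript hash of the given messages."""
    return hkdf_expand_label(secret, label, HASH(transcript).digest(), HASH_LEN)


def early_secret() -> bytes:
    """Early Secret without a PSK: HKDF-Extract(salt=0, IKM=0^Hash.length)."""
    return hkdf_extract(b"", bytes(HASH_LEN))


def handshake_traffic_keys(ecdhe_shared_secret: bytes, transcript_through_server_hello: bytes,
                           key_len: int = 16, iv_len: int = 12) -> Dict[str, Dict[str, bytes]]:
    """Derive the client and server handshake traffic keys and IVs that
    protect every handshake message after ServerHello."""
    salt = derive_secret(early_secret(), b"derived", b"")
    handshake_secret = hkdf_extract(salt, ecdhe_shared_secret)
    keys: Dict[str, Dict[str, bytes]] = {}
    for side, label in (("client", b"c hs traffic"), ("server", b"s hs traffic")):
        traffic_secret = derive_secret(handshake_secret, label, transcript_through_server_hello)
        keys[side] = {
            "key": hkdf_expand_label(traffic_secret, b"key", b"", key_len),
            "iv": hkdf_expand_label(traffic_secret, b"iv", b"", iv_len),
        }
    return keys


# Constructed inputs: a fake 32-byte (EC)DHE output and a fake ClientHello||ServerHello transcript.
SHARED_SECRET = bytes(range(32))
TRANSCRIPT = b"ClientHello...ServerHello (constructed placeholder bytes)"

if __name__ == "__main__":
    for side, k in handshake_traffic_keys(SHARED_SECRET, TRANSCRIPT).items():
        print(side, k["key"].hex(), k["iv"].hex())
```

Two inputs bind these keys: the ephemeral shared secret, which gives forward secrecy, and the transcript hash of ClientHello and ServerHello, so any tampering with the Hello messages (for example a downgraded key_share) makes the two sides derive different keys and the Finished verification fails.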
EncryptedExtensions carries the server's extension data that is not needed to establish the cryptographic context (for example the server_name and ALPN responses) and can therefore be sent encrypted; only the extensions required to derive the keys, such as key_share and supported_versions, remain in the plaintext ServerHello.
The DH parameters and public keys are now sent in the key_share extension, a new extension type carried in the ClientHello and ServerHello messages. Moving this data into Hello extensions keeps the handshake compatible with TLS 1.2 as it does not change the order of messages.
The client sends a list of KeyShareEntry values, each consisting of a named group (an elliptic curve such as x25519 or secp256r1, or a finite-field DH group) and an ephemeral public key for that group; every group offered in key_share must also appear in the client's supported_groups extension. If the server accepts one of the offered shares, it responds in ServerHello with a single KeyShareEntry for that group containing its own ephemeral public key, and both sides can compute the shared secret at once.
If the server supports none of the offered key shares, it either sends a HelloRetryRequest naming a group that the client listed in supported_groups (the client then resends ClientHello with a key share for that group), or, when there is no common group at all, aborts the connection with a fatal handshake_failure alert.
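As an added example that is not part of the original page, the following Python models the key_share negotiation described in the three paragraphs above: it encodes and strictly parses the KeyShareClientHello vector (RFC 8446 section 4.2.8), and implements the server's decision between accepting a share, answering with HelloRetryRequest, and aborting with handshake_failure. The public-key bytes are constructed placeholders of the right length, not real key material, and the client and server group lists are assumptions chosen to exercise all three outcomes.

```python
import struct
from typing import List, Optional, Set, Tuple

# NamedGroup code points from RFC 8446 section 4.2.7 (subset).
NAMED_GROUPS = {
    "secp256r1": 0x0017,
    "secp384r1": 0x0018,
    "x25519": 0x001D,
    "x448": 0x001E,
    "ffdhe2048": 0x0100,
}

KeyShareEntry = Tuple[int, bytes]  # (NamedGroup, key_exchange)


def encode_key_share_client_hello(entries: List[KeyShareEntry]) -> bytes:
    """Serialise KeyShareClientHello: a uint16-length-prefixed vector of
    KeyShareEntry { NamedGroup group; opaque key_exchange<1..2^16-1>; }."""
    body = b""
    for group, key_exchange in entries:
        if not 1 <= len(key_exchange) <= 0xFFFF:
            raise ValueError("key_exchange length out of range")
        body += struct.pack("!HH", group, len(key_exchange)) + key_exchange
    return struct.pack("!H", len(body)) + body


def parse_key_share_client_hello(data: bytes) -> List[KeyShareEntry]:
    """Parse KeyShareClientHello strictly: a length mismatch or a duplicate
    group is an error (a TLS stack answers with a decode_error or
    illegal_parameter alert instead of guessing)."""
    if len(data) < 2:
        raise ValueError("truncated client_shares length")
    (total,) = struct.unpack("!H", data[:2])
    if 2 + total != len(data):
        raise ValueError("client_shares length does not match extension body")
    pos, end = 2, 2 + total
    entries: List[KeyShareEntry] = []
    seen: Set[int] = set()
    while pos < end:
        if end - pos < 4:
            raise ValueError("truncated KeyShareEntry header")
        group, length = struct.unpack("!HH", data[pos:pos + 4])
        pos += 4
        if length == 0 or pos + length > end:
            raise ValueError("bad key_exchange length")
        if group in seen:  # RFC 8446 forbids two shares for the same group
            raise ValueError("duplicate group in key_share")
        seen.add(group)
        entries.append((group, data[pos:pos + length]))
        pos += length
    return entries


def server_select_group(client_shares: List[KeyShareEntry], client_supported_groups: List[int],
                        server_groups: List[int]) -> Tuple[str, Optional[int]]:
    """Server-side key_share decision; server_groups is the server's preference order.
    ("accept", g): answer with the server's own KeyShareEntry for g in ServerHello.
    ("hello_retry_request", g): client supports g but sent no share, ask for a new ClientHello.
    ("handshake_failure", None): no common group, abort with a fatal alert."""
    offered = [g for g, _ in client_shares]
    for g in offered:
        if g not in client_supported_groups:
            # RFC 8446 4.2.8: every share must belong to a group in supported_groups.
            raise ValueError("illegal_parameter: key_share group not in supported_groups")
    for g in server_groups:
        if g in offered:
            return ("accept", g)
    for g in server_groups:
        if g in client_supported_groups:
            return ("hello_retry_request", g)
    return ("handshake_failure", None)


def encode_key_share_server_hello(group: int, key_exchange: bytes) -> bytes:
    """KeyShareServerHello is a single KeyShareEntry with no outer vector."""
    return struct.pack("!HH", group, len(key_exchange)) + key_exchange


def encode_key_share_hello_retry_request(group: int) -> bytes:
    """KeyShareHelloRetryRequest carries only the selected NamedGroup."""
    return struct.pack("!H", group)


# Constructed placeholder public keys (correct length for each group, not real keys).
CLIENT_SHARES: List[KeyShareEntry] = [
    (NAMED_GROUPS["x25519"], bytes(range(32))),
    (NAMED_GROUPS["secp256r1"], b"\x04" + bytes(range(64))),
]
CLIENT_SUPPORTED_GROUPS = [NAMED_GROUPS["x25519"], NAMED_GROUPS["secp256r1"], NAMED_GROUPS["secp384r1"]]

if __name__ == "__main__":
    wire = encode_key_share_client_hello(CLIENT_SHARES)
    shares = parse_key_share_client_hello(wire)
    for prefs in ([NAMED_GROUPS["secp384r1"], NAMED_GROUPS["x25519"]],
                  [NAMED_GROUPS["secp384r1"]], [NAMED_GROUPS["ffdhe2048"]]):
        print(server_select_group(shares, CLIENT_SUPPORTED_GROUPS, prefs))
```

The three server preference lists in the usage block produce, in order, an accepted x25519 share, a HelloRetryRequest for secp384r1 (listed in supported_groups but without a share), and a handshake_failure for ffdhe2048, which the client never advertised.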