<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
The Full [TLS Handshake] is what is shown in [How SSL-TLS Works].

The [{$pagename}] looks like this:
{{{
Client                                               Server

 ClientHello                  --------&gt;
                                                 ServerHello
                                                Certificate*
                                          ServerKeyExchange*
                                         CertificateRequest*
                              &lt;--------      ServerHelloDone
 Certificate*
 ClientKeyExchange
 CertificateVerify*
 [Change_cipher_spec]
 Finished                     --------&gt;
                                          [Change_cipher_spec]
                              &lt;--------             Finished
 Application Data             &lt;-------&gt;     Application Data
}}}

!! [TLS 1.3] [{$pagename}][1]
As [RSA key-exchange] is no longer supported in [TLS 1.3] means we can start with [{$pagename}] using [Perfect Forward Secrecy] using [Diffie-Hellman].

Another important change is the removal of the [Change_cipher_spec] [protocol]. With [TLS 1.3] every message sent after [ServerHello] is encrypted with the so-called [Ephemeral Key] secret to lock out passive [Passive attackers]. 

[EncryptedExtensions] carries Hello extension data that must be [encrypted] because it is not needed to set up [secure connection].

[{Image src='/images/tls13-hs-ecdhe.png' caption='[TLS 1.3] FULL HANDSHAKE' align=left width=1024 height=768 style='font-size: 120%}]\\

One of the most important change with regard to [1-RTT Handshake] is the removal of the [ServerKeyExchange] and [ClientKeyExchange] messages. 

The [DH] parameters and [Public Keys] are now sent in special [KeyShare] extensions, a new type of extension to be included in the [ServerHello] and [ClientHello] messages. Moving this [data] into Hello extensions keeps the handshake compatible with [TLS 1.2] as it doesn’t change the order of messages.

The client sends a list of [KeyShareEntry] values, each consisting of a named [ECDH] group and an [Ephemeral|Ephemeral Key] [Public Key]. If the server accepts [Ephemeral|Ephemeral Key] [Public Key] must respond with one of the proposed [ECDH] group and its own [Ephemeral|Ephemeral Key] [Public Key]. 

If the server __does not__ support any of the given key shares the server will request retrying the [{$pagename}] or abort the connection with a fatal handshake_failure alert.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Improved Handshakes in TLS version 1.3|https://timtaubert.de/blog/2015/11/more-privacy-less-latency-improved-handshakes-in-tls-13/|target='_blank'] - based on information obtained 2017-01-05
</pre>