TLS 1.3 handshake at a glance

TLS 1.3 completes the handshake in one round trip (TLS 1.2 needs two), because the client sends its key share in the first flight rather than waiting to learn the server's choice of group. The simplified flow:

  1. Client sends ClientHello carrying key shares for one or more groups (X25519 is the practical default). If the server supports none of the offered groups it replies with HelloRetryRequest naming one, and the handshake costs an extra round trip.
  2. Server responds with ServerHello, immediately followed by EncryptedExtensions, Certificate, CertificateVerify and Finished. Everything after ServerHello is encrypted under the handshake traffic keys derived from the key shares; CertificateVerify signs the transcript so far and Finished is a MAC over it.
  3. Client sends Finished (preceded by its own Certificate and CertificateVerify if the server requested client authentication). Application data then flows under the application traffic keys; the server may already send from the moment its own Finished is out.

0-RTT (early data) is only available when resuming with a PSK from an earlier connection. It lets the client send application data together with the ClientHello, encrypted under a key derived from the PSK alone, so that data has no replay protection and no forward secrecy. Servers should accept it only for idempotent requests, or reject early data outright.
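The key schedule behind the three flights above and the 0-RTT early secret, as an added example (not code from the page or from any TLS library). It implements HKDF-Extract, HKDF-Expand-Label, Derive-Secret and the Finished MAC from RFC 8446 section 7.1 for the SHA-256 suites, and walks both sides through the derivations. Assumptions: the handshake messages are constructed stand-in byte strings, not real TLS encodings, and the X25519 shared secret is a constructed 32-byte value because the standard library has no X25519; `run_handshake`, `verify_finished` and the `tamper_certificate` switch are names chosen here.

```python
"""TLS 1.3 key schedule (RFC 8446, section 7.1) and Finished verification,
walked through the 1-RTT flow. SHA-256 suites only. Handshake messages and
the X25519 shared secret are constructed stand-ins, not real encodings."""
import hashlib
import hmac

HASH = hashlib.sha256
HLEN = HASH().digest_size  # 32 bytes for the SHA-256 suites
ZEROS = b"\x00" * HLEN     # the "0" salt / IKM of the RFC key schedule


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), HASH).digest()
        out += block
        counter += 1
    return out[:length]


def hkdf_expand_label(secret: bytes, label: str, context: bytes, length: int) -> bytes:
    # HkdfLabel = uint16 length || opaque label<7..255> || opaque context<0..255>
    full_label = b"tls13 " + label.encode("ascii")
    hkdf_label = (length.to_bytes(2, "big")
                  + bytes([len(full_label)]) + full_label
                  + bytes([len(context)]) + context)
    return hkdf_expand(secret, hkdf_label, length)


def transcript_hash(messages) -> bytes:
    return HASH(b"".join(messages)).digest()


def derive_secret(secret: bytes, label: str, messages) -> bytes:
    return hkdf_expand_label(secret, label, transcript_hash(messages), HLEN)


def finished_verify_data(base_key: bytes, messages) -> bytes:
    finished_key = hkdf_expand_label(base_key, "finished", b"", HLEN)
    return hmac.new(finished_key, transcript_hash(messages), HASH).digest()


def verify_finished(base_key: bytes, messages, received: bytes) -> bool:
    return hmac.compare_digest(finished_verify_data(base_key, messages), received)


def run_handshake(psk: bytes = b"", ecdhe: bytes = bytes.fromhex("8b" * 32),
                  tamper_certificate: bool = False) -> dict:
    """Derive every secret of the flow on both sides. psk: resumption PSK
    (empty for a full handshake); ecdhe: stand-in for the X25519 shared
    secret; tamper_certificate: an on-path change to the server's Certificate
    before it reaches the client."""
    client_hello = b"ClientHello{key_share=x25519,...}"   # constructed stand-in
    server_hello = b"ServerHello{key_share=x25519,...}"   # constructed stand-in
    server_params = [b"EncryptedExtensions", b"Certificate", b"CertificateVerify"]
    client_view = list(server_params)
    if tamper_certificate:
        client_view[1] = b"Certificate(swapped)"

    # Flight 1: the early secret needs only the PSK, so a 0-RTT key exists
    # before the server has contributed anything (hence no replay protection).
    early_secret = hkdf_extract(ZEROS, psk or ZEROS)
    client_early = derive_secret(early_secret, "c e traffic", [client_hello])

    # Flight 2: ServerHello mixes in the ECDHE output; the rest of the server's
    # flight is encrypted under the handshake traffic secrets derived here.
    handshake_secret = hkdf_extract(derive_secret(early_secret, "derived", []), ecdhe)
    hs_transcript = [client_hello, server_hello]
    client_hs = derive_secret(handshake_secret, "c hs traffic", hs_transcript)
    server_hs = derive_secret(handshake_secret, "s hs traffic", hs_transcript)

    # Server Finished: HMAC over the transcript through CertificateVerify,
    # checked by the client against the messages it actually received.
    server_finished = finished_verify_data(server_hs, hs_transcript + server_params)
    server_ok = verify_finished(server_hs, hs_transcript + client_view, server_finished)
    full_transcript = hs_transcript + server_params + [b"Finished" + server_finished]

    # Master secret and the application traffic secrets (through server Finished).
    master_secret = hkdf_extract(derive_secret(handshake_secret, "derived", []), ZEROS)
    client_app = derive_secret(master_secret, "c ap traffic", full_transcript)
    server_app = derive_secret(master_secret, "s ap traffic", full_transcript)

    # Flight 3: client Finished covers everything up to and including the
    # server Finished; the client never gets here if the server's check failed.
    client_finished = finished_verify_data(client_hs, full_transcript)
    client_ok = server_ok and verify_finished(client_hs, full_transcript, client_finished)

    return {
        "client_early_traffic_secret": client_early,
        "client_handshake_traffic_secret": client_hs,
        "server_handshake_traffic_secret": server_hs,
        "client_application_traffic_secret_0": client_app,
        "server_application_traffic_secret_0": server_app,
        "server_finished_verified": server_ok,
        "client_finished_verified": client_ok,
    }
```

Two things to observe when running it: `client_early_traffic_secret` is identical across runs that differ only in the ECDHE value, which is exactly why 0-RTT data can be replayed, while every later secret changes; and swapping the Certificate on the wire makes the server's Finished fail at the client, which is what stops an on-path attacker from substituting credentials before the handshake completes.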

See RFC 8446 for the full spec.