Knowledge Guide
HomeSystem DesignEncryption

TLS & mTLS — The Handshake, Step by Step

The problem: a private conversation over a public wire

Two strangers must (a) agree a secret key no eavesdropper can learn and (b) prove they're the right party — before any data flows. TLS (the S in HTTPS) does both in a handshake:

TLS handshake sequence between client and server ending in encrypted data
TLS handshake sequence between client and server ending in encrypted data
  1. Hello: client offers versions+ciphers; server picks one and sends its certificate (public key signed by a CA).
  2. Verify identity: client checks the cert's signature chain against trusted CAs — this is what blocks impostors.
  3. Key exchange (ECDHE): both sides independently derive the same session key without sending it (forward secrecy).
  4. Encrypted: all further traffic uses that symmetric key. TLS 1.3 does this in one round trip.

mTLS — both sides prove identity

Normal TLS authenticates only the server. mutual TLS has the client present a cert too → both ends verified — the backbone of zero-trust service-to-service traffic in a mesh.

In transitAt rest
HowTLS / mTLSDisk/DB encryption (AES), KMS keys
ThreatEavesdropping, MITMStolen disk / leaked backup

Takeaways


Re-authored from-scratch; diagram hand-authored (SVG) for this guide.

🤖 Don't fully get this? Learn it with Claude

Stuck on TLS & mTLS — The Handshake, Step by Step? Open Claude, copy a block below, and it'll teach you this exact concept — visually and interactively.

🎨 Explain it visually

Build the mental picture, not memorization.

I just read a lesson on **TLS & mTLS — The Handshake, Step by Step** (System Design) and want to truly understand it. Explain TLS & mTLS — The Handshake, Step by Step from first principles using ONE vivid real-world analogy and a visual mental model — draw it as ASCII art or a clear step-by-step diagram — with a concrete example using real numbers. Then ask me one question to check I got the mental picture, and wait for my reply. If you're unsure or a claim isn't standard, say so and reason from first principles instead of guessing.
🤔 Walk me through it (interactive)

Socratic — adapts to where you're stuck.

Teach me **TLS & mTLS — The Handshake, Step by Step** interactively. Ask me ONE guiding question at a time, wait for my answer, and adapt to my confusion — build the idea with me step by step instead of explaining it all at once. If you're unsure or a claim isn't standard, say so and reason from first principles instead of guessing.
🧪 Quiz me & fix my gaps

Active recall exposes what you missed.

Quiz me on **TLS & mTLS — The Handshake, Step by Step** with 5 questions, easy to tricky, ONE at a time. Tell me if each answer is right; at the end, explain clearly what I got wrong and why. If you're unsure or a claim isn't standard, say so and reason from first principles instead of guessing.
🧠 Make it stick

Intuition + hook + flashcards for long-term memory.

Help me remember **TLS & mTLS — The Handshake, Step by Step** for the long term: give the one-sentence intuition, a memorable hook/mnemonic, a tiny worked example, and 3 active-recall flashcards (Q -> A). If you're unsure or a claim isn't standard, say so and reason from first principles instead of guessing.

📝 My notes