First, let's focus on the TCP handshake
The TCP handshake is necessary to establish a reliable and synchronized connection between a client and a server, ensuring data transmission is orderly, secure, and efficient. If the TCP handshake fails, it indicates that the client and server were unable to establish a connection.
Step 1: SYN (Synchronize)
The client initiates the connection by sending a TCP segment with the SYN (synchronize) flag set to the server. This segment contains a sequence number that the client chooses to start the conversation. This initial segment is commonly referred to as the SYN segment.
Here we take a sample Wireshark capture between a home laptop and the website www.cics.umass.edu:
Home device IP: 192.168.1.245
Website IP: 128.119.240.84
Step 2: SYN-ACK (Synchronize-Acknowledgment)
Upon receiving the SYN segment, the server acknowledges the client's request by sending a TCP segment with the SYN and ACK (acknowledgment) flags set. The SYN flag is set to indicate synchronization, and the ACK flag acknowledges the receipt of the client's SYN segment. The server also selects its own sequence number for the communication.
Step 3: ACK (Acknowledgment)
Finally, the client responds to the server's SYN-ACK segment by sending an ACK segment. This segment has the ACK flag set and acknowledges the receipt of the server's SYN-ACK segment. Additionally, the client increments the sequence number it received from the server by one.
Are TLS Messages from the Client to the server sent before the TCP handshake?
Nope.
TLS (Transport Layer Security) messages from the client to the server are not sent before the TCP handshake. The TCP handshake must be completed before any TLS communication can take place.
The TLS protocol operates on top of the TCP protocol, providing a secure communication channel between the client and the server. It uses a combination of symmetric and asymmetric encryption to ensure confidentiality, integrity, and authentication of the data exchanged between the two parties.
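The three handshake steps and the TCP-before-TLS ordering described above, as an added example (not part of the original post): it parses raw TCP headers from a constructed capture, checks the flags and the "sequence number plus one" acknowledgments of each step, and reports whether the first TLS record arrives before or after the connection is established. The port numbers, initial sequence numbers, TLS stub bytes and function names are assumptions made for the example; only the two IP addresses come from the capture above.

```python
import struct

SYN, ACK = 0x02, 0x10
SYN_ACK = SYN | ACK
CLIENT, SERVER = "192.168.1.245", "128.119.240.84"  # addresses from the capture above

def tcp_segment(seq, ack, flags, payload=b"", sport=50000, dport=443):
    """Build a minimal 20-byte TCP header (no options, checksum 0) plus payload."""
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack,
                       (5 << 12) | flags, 65535, 0, 0) + payload

def parse_tcp(raw):
    """Return sequence number, ack number, SYN/ACK flag bits and payload of a raw segment."""
    _, _, seq, ack, off_flags = struct.unpack("!HHIIH", raw[:14])
    header_len = (off_flags >> 12) * 4          # data offset is counted in 32-bit words
    return seq, ack, off_flags & SYN_ACK, raw[header_len:]

def check_capture(packets, client=CLIENT, server=SERVER):
    """Walk (src_ip, raw_segment) pairs in order and report how far the connection got."""
    state, c_isn, s_isn = "CLOSED", None, None
    for src, raw in packets:
        seq, ack, bits, payload = parse_tcp(raw)
        if state == "CLOSED" and src == client and bits == SYN:
            c_isn, state = seq, "SYN_SENT"                   # Step 1: SYN
        elif (state == "SYN_SENT" and src == server and bits == SYN_ACK
              and ack == (c_isn + 1) % 2**32):
            s_isn, state = seq, "SYN_RECEIVED"               # Step 2: SYN-ACK
        elif (state == "SYN_RECEIVED" and src == client and bits == ACK
              and ack == (s_isn + 1) % 2**32):
            state = "ESTABLISHED"                            # Step 3: ACK
        elif payload[:2] == b"\x16\x03":                     # TLS handshake record header
            return "TLS_AFTER_HANDSHAKE" if state == "ESTABLISHED" else "TLS_BEFORE_HANDSHAKE"
    return state

# Constructed sample data: ISNs 1000/5000 and the ClientHello stub are made up.
HELLO = b"\x16\x03\x01\x00\x04\x01\x00\x00\x00"
GOOD = [
    (CLIENT, tcp_segment(1000, 0, SYN)),
    (SERVER, tcp_segment(5000, 1001, SYN_ACK, sport=443, dport=50000)),
    (CLIENT, tcp_segment(1001, 5001, ACK)),
    (CLIENT, tcp_segment(1001, 5001, ACK, HELLO)),
]

if __name__ == "__main__":
    print(check_capture(GOOD))        # complete handshake, then the TLS record
    print(check_capture(GOOD[:1]))    # SYN sent but never answered
```

A result of SYN_SENT or SYN_RECEIVED means the handshake never completed, which is the failure case mentioned at the start of the post.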
TLS Handshake
Below are the handshake steps, in brief:
- Client Hello
- Server Hello
- Server Certificate
- Client Key Exchange
- Server Key Exchange (Optional)
- Certificate Request (Optional)
- Server Hello Done
- Client Certificate (Optional)
- Client Key Exchange
- Certificate Verify (Optional)
- Change Cipher Spec
- Finished
TLS Secure Communication:
After the TLS handshake is successfully completed, both the client and the server can start exchanging encrypted TLS messages over the established TCP connection. These messages include application data, such as HTTP requests in the case of HTTPS.
Below are the Wireshark packets related to the TLS communication in the capture above, starting from the Client Hello message through to Application Data.
Why TLS Became the Successor of SSL
TLS (Transport Layer Security) is considered the successor of SSL (Secure Sockets Layer) and has largely replaced it as the primary protocol for secure communication on the Internet. TLS was designed to address vulnerabilities found in earlier versions of SSL. It provides improved security, stronger cryptographic algorithms, and better support for modern protocols and technologies. TLS ensures the confidentiality, integrity, and authenticity of data exchanged between clients and servers, making it an essential component in securing online communication and transactions.





