What happens after the TLS handshake finishes?
Quick Answer
Once the handshake completes, both sides have derived the same symmetric session key. Every message after that — the actual HTTP request and response — is encrypted and integrity-checked with that key, using a fast symmetric cipher like AES-GCM. The connection stays open and reuses this key until the session ends or the key is periodically refreshed, without ever repeating the slower asymmetric handshake steps.
Detailed Answer
The handshake's entire job is to get both sides to agree on one thing: a shared, secret session key. Once that exists, the slow, asymmetric part of TLS is done.
Handshake (asymmetric, happens once per connection)
|
v
Shared session key established
|
v
Application Data phase (symmetric, happens for every message):
Browser --[AES-GCM encrypted HTTP request]--> Server
Browser <--[AES-GCM encrypted HTTP response]-- Server
From this point on:
- Every request and response is encrypted with the fast symmetric algorithm agreed on in the handshake, typically AES-GCM or ChaCha20-Poly1305.
- These modes provide both encryption and an integrity check in one step, so tampering is detected automatically, without a separate hashing pass.
- The connection can stay open and reused for many requests, for example loading a page plus all of its images and scripts, without repeating the handshake each time.
If the connection needs to be re-established later, TLS can often skip a full handshake and use session resumption instead, covered in the previous question, which is much cheaper than starting over from scratch.