WHY two kinds of crypto? Asymmetric is secure for identity but slow. Symmetric is fast but needs a shared secret. So we use asymmetric once to safely set up a symmetric key, then symmetric for everything else. This is the hybrid idea at the heart of TLS.
Key exchange alone is useless if an attacker can sit in the middle (MITM) and hand you their public key. We need proof the public key belongs to bank.com.
TLS 1.3 streamlines this: the ClientHello already includes a DH key share; the server replies with its share + cert + Finished. Data can flow after 1 round trip (or 0-RTT for resumption). Only forward-secret ECDHE/DHE suites remain.
Imagine you want to whisper a secret to a shopkeeper, but you've never met them and the street is full of pickpockets.
First you ask for their ID card stamped by the town mayor you already trust — that proves they're the real shopkeeper, not an imposter (certificate + CA).
Then you both invent a shared secret password in a clever way so even watchers can't figure it out (key exchange / Diffie–Hellman).
From then on you talk in a code only the two of you know (symmetric encryption). The pickpockets see gibberish. That whole "show ID, agree on secret code" greeting is the handshake.
Dekho, HTTPS ka matlab simple hai: normal HTTP ko ek encrypted tunnel ke andar daal dena. Yeh tunnel banata hai TLS, port 443 par. Iske teen kaam hain — koi tumhara data padh na sake (confidentiality), koi beech mein badal na sake (integrity), aur tum sach mein usi server se baat kar rahe ho jiska naam dikh raha hai (authentication). Bina iske, café WiFi par koi bhi tumhara password chura sakta hai.
Sabse bada sawaal: server ka public key sahi hai ya fake? Yahan aata hai certificate aur CA (Certificate Authority). Certificate ek signed document hai jo bolta hai "yeh public key bank.com ka hai", aur usko ek trusted CA (jaise Let's Encrypt) sign karti hai. Tumhare browser mein pehle se root CA ke keys pade hain. Verification hota hai chain of trust se: leaf cert ko intermediate sign karta hai, intermediate ko root — aur root tumhare browser ko already trusted hai. Agar chain tut jaye, browser warning deta hai.
Handshake ka flow yaad rakho: ClientHello (random rc bhejo), ServerHello (random rs), Certificate (server apni ID dikhata hai), phir client ek pre-master secret banakar server ke public key se encrypt karke bhejta hai — sirf asli server hi apne private key se kholega. Dono milke PRF se master secret aur session keys banate hain, bina key bheje. Phir ChangeCipherSpec + Finished, aur bas — ab sab kuch AES jaise fast symmetric cipher se encrypt hota hai. Asymmetric crypto sirf shuru mein "secret set up" karne ke liye, kyunki woh slow hai; baaki kaam fast symmetric karta hai — isko hybrid kehte hain.
Ek important point: certificate ka matlab "site safe/imaandar hai" nahi hai — sirf itna ki tum sahi domain owner se securely baat kar rahe ho. Phishing site bhi valid cert le sakti hai! Aur modern TLS 1.3 mein ECDHE use hota hai jo forward secrecy deta hai — yaani agar server ka private key future mein leak ho jaye, tab bhi tumhari purani recorded baat-cheet safe rehti hai. Exam aur real life dono ke liye yeh gold hai.