But don’t freak out, because I’m here to break it down for you in a way that won’t put you to sleep (hopefully).

So let’s start with the basics: what is TLS 1.3? It’s basically the latest version of SSL/TLS (Secure Sockets Layer/Transport Layer Security), which allows secure communication over the internet by encrypting data between your browser and a web server. And when I say “latest,” I mean it this bad boy was released in 2018, so if you’re still using TLS 1.2 or earlier (shame on you!), then you might want to upgrade before the next ice age hits.

Now handshake retry requests. This is a feature that allows a client to resend its initial handshake message in case it didn’t receive a response from the server due to network issues or other reasons. It’s kind of like when you accidentally drop your phone call and have to say “hello?” again, but with encryption and stuff.

So why do we need this feature? Well, sometimes things go wrong during the handshake process for example, if there’s a packet loss in transit or if the server is temporarily unavailable due to maintenance. In these cases, the client might not receive a response from the server, which can cause all sorts of problems (like your browser showing an error message and making you feel like a noob).

But with handshake retry requests, the client can simply resend its initial message without having to start over from scratch. This saves time and resources for both parties, as well as reducing the risk of errors or security vulnerabilities that could occur during multiple handshakes.

So how does it work? Well, when a client sends its first handshake message (called a “Client Hello”), it includes a special flag called “Retransmit” to indicate that this is a retry request. The server then responds with either an error message or a new session ticket, depending on the situation.

If there was no error during the previous handshake attempt and the client’s initial message hasn’t changed (which should be rare), then the server can simply reuse its existing session state to avoid unnecessary overhead. This is called “rekeying,” which allows for faster and more efficient communication between the client and server.

But if there was an error or a change in the client’s initial message, then the server will generate a new session ticket and send it back to the client. The client can then use this ticket to initiate a new handshake without having to go through all of the same steps again (like negotiating ciphersuites and exchanging keys).

3 handshake retry requests in a nutshell! It’s not exactly rocket science, but it can save your bacon if things go wrong during the initial handshake process. And who knows? Maybe one day we’ll all be using quantum cryptography or something even cooler to keep our data secure (but let’s not get ahead of ourselves).