TCP Three-Way Handshake
The TCP three-way handshake is the connection establishment procedure of the Transmission Control Protocol, where a client and server exchange three messages — SYN, SYN-ACK, and ACK — to synchronize sequence numbers and establish a reliable full-duplex connection.
TCP (RFC 793) is the foundational transport protocol for most internet traffic: HTTP, HTTPS, SSH, SMTP, and many others rely on it. Unlike UDP, TCP guarantees ordered delivery, retransmission of lost packets, and flow control.
SYN (Synchronize): The client sends a TCP segment with the SYN flag set and an Initial Sequence Number (ISN) — a randomly chosen 32-bit number. The ISN is random to prevent TCP sequence prediction attacks.
SYN-ACK (Synchronize-Acknowledge): The server acknowledges the client's ISN (ACK = client_ISN + 1) and sends its own ISN. Both SYN and ACK flags are set. At this point the server has allocated a TCB (Transmission Control Block) for the connection but it isn't fully established yet.
ACK (Acknowledge): The client acknowledges the server's ISN (ACK = server_ISN + 1). The connection is now ESTABLISHED on both sides. Data can flow immediately in the client's ACK segment (TCP Fast Open) or in subsequent segments.
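The sequence and acknowledgment arithmetic of the three segments above can be checked mechanically. The following is an added example, not part of the original page: it packs and parses minimal 20-byte TCP headers and validates the flags and the ISN + 1 rule, including 32-bit wraparound. The ports, ISN values and function names are constructed for illustration.

```python
import struct

SYN, ACK = 0x02, 0x10  # TCP flag bits (RFC 793)

def build_header(sport, dport, seq, ack, flags):
    """Pack a minimal 20-byte TCP header (checksum left 0; constructed sample)."""
    offset_flags = (5 << 12) | flags  # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, 65535, 0, 0)

def parse_header(raw):
    """Return the fields the handshake check needs from a raw TCP header."""
    sport, dport, seq, ack, offset_flags = struct.unpack("!HHIIH", raw[:14])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "flags": offset_flags & 0x3F}

def check_handshake(raw_syn, raw_synack, raw_ack):
    """Validate flags and sequence/ack arithmetic; return a list of problems."""
    syn, synack, ack = (parse_header(r) for r in (raw_syn, raw_synack, raw_ack))
    problems = []
    if syn["flags"] & (SYN | ACK) != SYN:
        problems.append("segment 1 must have SYN set and ACK clear")
    if synack["flags"] & (SYN | ACK) != (SYN | ACK):
        problems.append("segment 2 must have both SYN and ACK set")
    if ack["flags"] & (SYN | ACK) != ACK:
        problems.append("segment 3 must have ACK set and SYN clear")
    # Sequence numbers are 32-bit, so ISN + 1 wraps modulo 2**32.
    if synack["ack"] != (syn["seq"] + 1) % 2**32:
        problems.append("SYN-ACK does not acknowledge client_ISN + 1")
    if ack["ack"] != (synack["seq"] + 1) % 2**32:
        problems.append("final ACK does not acknowledge server_ISN + 1")
    if ack["seq"] != (syn["seq"] + 1) % 2**32:
        problems.append("final ACK seq is not client_ISN + 1")
    return problems

# Constructed sample: client ISN at the top of the 32-bit space to show wraparound.
CLIENT_ISN, SERVER_ISN = 0xFFFFFFFF, 0x1A2B3C4D
good = [build_header(50000, 443, CLIENT_ISN, 0, SYN),
        build_header(443, 50000, SERVER_ISN, 0, SYN | ACK),  # ack = ISN + 1 wraps to 0
        build_header(50000, 443, 0, SERVER_ISN + 1, ACK)]
# Same exchange, but the final ACK carries a value that is not server_ISN + 1.
bad = good[:2] + [build_header(50000, 443, 0, 0x11111111, ACK)]

if __name__ == "__main__":
    print("valid handshake:", check_handshake(*good))
    print("wrong ack:", check_handshake(*bad))
```

The second case is the one a randomly chosen ISN is meant to force: a final ACK that does not carry the server's actual ISN + 1 fails the check.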
This handshake adds exactly 1 RTT of latency before any application data can be sent. This cost is paid before TLS negotiation (TLS Handshake), meaning a full HTTPS connection establishment costs 2–3 RTTs total.
Connection teardown uses a four-way exchange: FIN from the closing side, ACK from the other, FIN from the other, and final ACK. TCP's TIME_WAIT state holds the connection open for 2×MSL (typically 60–120 seconds) to handle delayed duplicate packets.
QUIC (used in HTTP/3) eliminates the TCP handshake by building its own reliability and ordering over UDP, integrating TLS 1.3 into a single 1-RTT handshake.