SecPrep

Complete the (TLS 1.2) handshake steps.

1) Client sends ClientHello with supported ciphers.
2) Server responds with ServerHello, its certificate, and key exchange params.
3) Client verifies the certificate chain and computes the pre-master secret.
4) Both derive the session keys.
5) Each side sends Finished and switches to encrypted application data.

TLS 1.2 (shown here) takes two full round trips before application data flows. TLS 1.3 improves on this in two key ways: (1) it cuts the handshake to one round trip by including the client's key-share directly in the ClientHello, so the server can compute session keys immediately; (2) it removes insecure cipher suites — static RSA key exchange is gone entirely (it lacked forward secrecy), leaving only ephemeral Diffie-Hellman (ECDHE) variants. TLS 1.3 also encrypts more of the handshake itself, hiding certificate information from passive observers.
