CONCEPT Cited by 1 source

TCP three-way handshake

Definition

The TCP three-way handshake is the connection-establishment protocol used by TCP before any application data can flow. It guarantees a reliable, full-duplex connection where both peers have confirmed the other's presence and synchronised sequence numbers.

The exchange is three messages:

  1. SYN — client sends a synchronise packet carrying its initial sequence number.
  2. SYN-ACK — server acknowledges the client's SYN and sends its own SYN with its initial sequence number, in one combined segment.
  3. ACK — client acknowledges the server's SYN. The connection is now open in both directions.

"TCP uses a three-way handshake to establish a reliable connection. The connection is full duplex, and both sides synchronize (SYN) and acknowledge (ACK) each other. The exchange of these four flags is performed in three steps — SYN, SYN-ACK, and ACK." (Source: sources/2023-07-25-zalando-all-you-need-to-know-about-timeouts)

Why it matters for timeouts

The handshake is the event that the connection timeout bounds. From the client's side, completion takes approximately one round-trip time (RTT) between the two peers:

  • Client → server (SYN) — ½ RTT.
  • Server → client (SYN-ACK) — ½ RTT (one full RTT cumulative).
  • Client → server (ACK) — ½ RTT (but the application can start sending data immediately after the ACK is sent).

Because completion is dominated by RTT, connection timeouts are sized as a small multiple of RTT; the Zalando article gives RTT × 3 as a conservative default.

Failure modes

A failed handshake is what triggers a connection timeout. Structural causes the Zalando article names:

  • SYN is dropped silently by a firewall or security group that blackholes traffic rather than responding with RST/ICMP.
  • No process listening on the target port — produces a TCP RST from the kernel (fast failure, typically not a timeout).
  • Server host is down — no ARP response, no route — eventual timeout at the client.
  • Wrong IP / wrong DNS — SYN goes to a machine that isn't the intended peer.

Distinguishing a handshake failure from a slow server requires keeping the connection timeout and the request timeout as two separate, independently configured settings.
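
The sketch below is an added example, not code from the Zalando article: it attempts only the handshake with a connection timeout of RTT × 3 and maps the resulting error to the failure modes listed above. The function names (`connection_timeout`, `classify`, `diagnose_connect`) are hypothetical, and the demo uses a constructed loopback listener.

```python
import errno
import socket
import time

def connection_timeout(rtt_s, multiple=3):
    """Connection timeout sized as a small multiple of RTT (RTT x 3 by default)."""
    return rtt_s * multiple

def classify(exc):
    """Map a connect() error to the handshake failure mode it most likely indicates."""
    if isinstance(exc, (socket.timeout, TimeoutError)):
        # No SYN-ACK and no RST arrived before the deadline.
        return "timeout: SYN unanswered (silently dropped, host down, or wrong peer)"
    if isinstance(exc, ConnectionRefusedError):
        # The peer's kernel answered the SYN with RST: fast failure.
        return "refused: RST received, no process listening on the port"
    if isinstance(exc, socket.gaierror):
        return "dns: name did not resolve"
    if isinstance(exc, OSError) and exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable: no route to host or network"
    return "other: %s" % exc

def diagnose_connect(host, port, rtt_s):
    """Attempt only the handshake; return (verdict, elapsed_seconds)."""
    start = time.monotonic()
    try:
        # connect() returns once the SYN-ACK is received, i.e. after about one RTT.
        sock = socket.create_connection((host, port), timeout=connection_timeout(rtt_s))
    except OSError as exc:
        return classify(exc), time.monotonic() - start
    sock.close()
    return "established", time.monotonic() - start

if __name__ == "__main__":
    # Constructed local demo: one listening port, then the same port after close.
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    print(diagnose_connect("127.0.0.1", port, rtt_s=0.05))
    listener.close()
    print(diagnose_connect("127.0.0.1", port, rtt_s=0.05))
```

A "refused" verdict returns almost immediately, while a "timeout" verdict consumes the full RTT × 3 budget; the elapsed time is what separates the two in logs.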

Variant: TCP Fast Open and TLS 1.3 0-RTT

Later-era protocols amortise the handshake:

  • TCP Fast Open lets the client piggy-back application data on the SYN (subject to a cookie exchanged on a prior handshake).
  • TLS 1.3 0-RTT — see [[concepts/tls-1-3-zero-rtt-handshake]] — reduces the TLS handshake round-trip cost on top of TCP.

Neither eliminates the foundational TCP three-way handshake on the first connection from a given client.
