TLS Handshake Overhead Calculator

Reviewed by the CalculatorHub team, edited by James Graham. RTT counts from IETF RFC 8446 (TLS 1.3) and RFC 5246 (TLS 1.2). Last verified 15 June 2026.

Every new TLS connection incurs a handshake latency cost before any application data flows. TLS 1.2 requires 2 round trips before the client can send HTTP data; TLS 1.3 reduces this to 1 round trip, halving the handshake overhead. This calculator takes the network round-trip time and TLS version to compute the total handshake latency, the saving from upgrading to TLS 1.3, and the approximate byte cost of the handshake messages. These figures matter for high-volume API services, where handshake latency can dominate the total request time for short-lived connections.

Round-trip time (milliseconds) Typical LAN: 1ms, US broadband: 20-50ms, transatlantic: 100-150ms

TLS version

Number of new connections

Handshake latency per connection (ms)

0.00

Total overhead for all connections (ms)

0.00

TLS handshake overhead formula

TLS 1.2 full handshake: 2 RTTs
TLS 1.3 full handshake: 1 RTT
Handshake latency (ms) = RTT count x RTT (ms)
Total overhead (ms) = connections x handshake latency (ms)

The TCP connection itself requires 1 RTT (the SYN/SYN-ACK/ACK three-way handshake, net 1 RTT before data). The TLS handshake adds on top of this. Total connection setup latency for a new TLS 1.2 connection is 3 RTTs; for TLS 1.3 it is 2 RTTs.

TLS version comparison

TLS 1.0 and 1.1: deprecated by NIST and removed from browsers. Do not use.
TLS 1.2 (RFC 5246): 2-RTT full handshake, 1-RTT session resumption. Still widely used.
TLS 1.3 (RFC 8446, published 2018): 1-RTT full handshake, 0-RTT session resumption (with caveats). Removes weak ciphers, mandatory forward secrecy.
Upgrading from TLS 1.2 to 1.3 saves one RTT per new connection, reducing handshake latency by 50% at the TLS layer.

TLS handshake overhead calculator: frequently asked questions

How many round trips does a TLS 1.3 handshake require?

TLS 1.3 requires 1 RTT for a new connection. When 0-RTT (early data) is used for session resumption with a known server, the handshake overhead can be effectively 0 RTT for the application data, though the security implications of 0-RTT must be considered.

How many round trips does TLS 1.2 require?

TLS 1.2 requires 2 RTTs for a full handshake (one for client hello and server hello, one for key exchange and finished). Session resumption with TLS 1.2 can reduce this to 1 RTT using session tickets.

What is a round-trip time (RTT)?

RTT is the time for a signal to travel from client to server and back. A typical RTT on a US broadband connection is 10 to 50 milliseconds. Transatlantic RTTs are typically 80 to 150 milliseconds. RTT directly multiplies handshake latency.

Does TLS add overhead to every request after the handshake?

After the handshake, TLS adds a small per-record overhead: a 5-byte header, authentication tag (16 bytes for AES-GCM), and optional padding. For typical HTTP requests this adds less than 1% overhead. The handshake latency is a one-time cost per connection.

How does TLS 1.3 improve on TLS 1.2?

TLS 1.3 reduces the handshake from 2 RTTs to 1 RTT, removes weak cipher suites and RSA key exchange, mandates forward secrecy via (EC)DHE, and encrypts more of the handshake. This improves both security and performance. RFC 8446 specifies TLS 1.3.

Official sources

IETF RFC 8446 The Transport Layer Security (TLS) Protocol Version 1.3: rfc-editor.org/rfc/rfc8446.
NIST SP 800-52 Rev 2 Guidelines for the Selection, Configuration, and Use of TLS Implementations: csrc.nist.gov.

Reviewed by the CalculatorHub team, edited by James Graham, 15 June 2026. See our methodology.