ChangeCipherSpec

ChangeCipherSpec is a protocol message used in the TLS and DTLS handshakes to signal that subsequent records will be protected under the newly negotiated cryptographic parameters. It plays a key role in transitioning from the unauthenticated or partially authenticated handshake phase to the encrypted application data phase. In TLS versions up to 1.2, it is an explicit step in the handshake; TLS 1.3 does not use ChangeCipherSpec, as its handshake and key schedule are designed differently and do not rely on a separate changeover message.

Format and sequencing: The ChangeCipherSpec message is carried as a TLS/DTLS record with the content type ChangeCipherSpec

Operational considerations: Correct sequencing is essential; if ChangeCipherSpec messages are lost, reordered, or not processed in

See also: Transport Layer Security, Datagram Transport Layer Security, Finished message, Record layer, Cipher suite, TLS