TLS handshake: Client Hello → Server Hello + Certificate → Key Exchange (ECDHE) → Server Finished → Client Finished → Encrypted Application Data. TLS 1.3 requires fewer round trips than TLS 1.2.
TLS 1.3 is faster (0-RTT for resumed sessions) and more secure (no weak cipher suites, mandatory forward secrecy). TLS 1.0/1.1 are deprecated. Disable them on all servers. TLS 1.2 is still widely used; TLS 1.3 is preferred.