What is the first step of TLS handshake?

In TLS handshakes, the client begins by sending a Client Hello to start negotiations. This message is the client's invitation to establish a secure connection. It carries essential information: the highest TLS version the client supports, a list of cipher suites it can use, a random value used later to derive keys, and optional extensions like Server Name Indication to help the server select the right certificate. The server reads this and then responds with its own Server Hello, choosing the protocol version and cipher suite to use and providing its own random value. Only after this exchange do the key exchange steps, certificates, and the final verification occur, culminating in a Finished message. So the Client Hello is first because it initiates the handshake and communicates the client’s capabilities and preferences, setting the stage for all subsequent security parameters. The other messages come later as part of the negotiated setup and verification process.