Take stackoverflow for example, when the browser sends a request to stackoverflow.com, it has to do the following steps:
- DNS lookup. find the ip address of stackoverflow.
- TCP/IP handshake
- TLS handshake.
- HTTP request/response (Application Protocol).
- ….
TLS handshake
Regarding step3 TLS handshake, there is an nice explanation by @Oleg.
In order to inspect the detail of TCP/IP packet, You may need use some tools to capture packets. e.g. Wireshark.
Client sends ClientHello to server, which carries several things
- supported cipher suite. which cipher suites do you like?
- supported TLS version.
- a random number.
- the supported Application Protocols. e.g. HTTP/2, HTTP 1.1/ Spdy/..
- …
Server responds SeverHello, which carries
- chosen cipher suite.
- chosen TLS version.
- a random generated number
- And, chosen application protocols in TLS application-layer protocol negotiation (ALPN), e.g.
HTTP/2
Conclusion
HTTP2 request/response happens in step4. Before that, browser has already know whether sever support HTTP/2 through TLS handshake.