[tialaramex]

NB Like this 2009 article, that cartoon is explaining a mechanism which is now obsolete. Your browser still knows how to do things that way (for at least a while yet), but it would rather not because it's less safe for you.

The TLS 1.3 walk through somebody else linked represents more or less what an actual browser does when talking to many popular sites, and even though TLS 1.3 isn't a majority of sites yet the behaviour for most (but not all) TLS 1.2 sites now more resembles that than these older articles in crucial ways.

Most essentially, we do not do RSA kex (client picks random secret, encrypts it with RSA, sends it to the server, thus implicitly verifying the server knows the RSA private key) unless that's the only permitted way to get access. For whatever reason people like explaining RSA key exchange, long after we don't like using it because it isn't Forward Secret.