TLS is the successor to Secure Sockets Layer (SSL), and the TLS handshake works much the same way as the SSL handshake did.

The gist is that, after a TCP handshake is completed, the HTTP client initiates a second handshake in which cryptographic keys are exchanged. As part of this process, the client verifies the authenticity of the keys using a TLS (SSL) certificate.

Once this process is complete, application-layer messages (both header and payload) are encrypted, but the enveloping Transmission Control Protocol (TCP) header is not.
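
To make the last point concrete, the following added example (not part of the original page) parses a constructed TCP segment carrying one TLS application-data record and returns what a passive observer on the path can still read. The port numbers, sequence numbers and payload bytes are constructed sample values, and the function names `parse_segment` and `build_sample` are hypothetical.

```python
import struct

TLS_CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                     22: "handshake", 23: "application_data"}

def parse_segment(segment: bytes) -> dict:
    """Return the cleartext fields of a TCP segment holding one TLS record."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    # TCP header fields travel in the clear: ports, seq/ack numbers, flags.
    src, dst, seq, ack, off_flags = struct.unpack("!HHIIH", segment[:14])
    header_len = (off_flags >> 12) * 4  # data offset is in 32-bit words
    if header_len < 20 or len(segment) < header_len + 5:
        raise ValueError("bad data offset or truncated TLS record header")
    # The 5-byte TLS record header is also unencrypted: type, version, length.
    ctype, version, length = struct.unpack(
        "!BHH", segment[header_len:header_len + 5])
    body = segment[header_len + 5:header_len + 5 + length]
    if len(body) != length:
        raise ValueError("TLS record body shorter than declared length")
    return {
        "src_port": src, "dst_port": dst, "seq": seq, "ack": ack,
        "flags": off_flags & 0x1FF,
        "tls_type": TLS_CONTENT_TYPES.get(ctype, "unknown"),
        # 3.3 is the record-layer version used by TLS 1.2 and, as a
        # legacy value, by TLS 1.3.
        "tls_version": f"{version >> 8}.{version & 0xFF}",
        "ciphertext_len": length,
        "ciphertext": body,  # opaque without the session keys
    }

def build_sample() -> bytes:
    """Constructed sample: 20-byte TCP header (PSH+ACK) plus one TLS record."""
    tcp = struct.pack("!HHIIHHHH", 49152, 443, 1000, 2000,
                      (5 << 12) | 0x018, 65535, 0, 0)
    body = bytes(range(0xA0, 0xB0))  # 16 placeholder bytes, not real ciphertext
    record = struct.pack("!BHH", 23, 0x0303, len(body)) + body
    return tcp + record

if __name__ == "__main__":
    for field, value in parse_segment(build_sample()).items():
        print(f"{field}: {value!r}")
```

The HTTP headers and payload sit inside `ciphertext`; everything else in the returned dictionary is metadata that TLS does not hide.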