The handshake between the client and server in SSL/TLS operates as follows:
- Client sends a clientHello message to the server and the client’s random value and supported cipher suites
- The server sends a serverhello message to the client and the server’s random value
- The server sends its certificate to the client for authentication and may request a certificate from the client.
- The server sends serverHelloDone message
- If the server requested a certificate from the client, then the client sends it
- The client creates a random Pre-Master Secret and encrypts it with the public key from the server’s certificate
- The client sends the encrypted Pre-Master Secret to the Server
- The server and the client each generate the Master Secret and session keys based on the Pre-Master Secret
- The client sends the ChangeCipherSpec notification to the server to begin using the session keys for hashing and encrypting data.
- The client sends the clientFinished message.
- The server gets the ChangeCipherSpec and switches to symmetric encryption using the session key.
- The server sends serverFinished message.
- The client and server can now exchange application data using the symmetric encryption and session key.
 TLS/SSL also has a process for resuming a session:
- The client sends a clientHello message using the Session ID of the session to be resumed
- The server checks its cache for the Session ID, if it finds it, then the session is resumed by sending a serverHello Message to the client with the Session ID. Otherwise a completely new handshake is performed
- If the Session ID was found, then the handshake resumes at step 9.
| 