The SSL handshake is an exchange of information
that takes place between the client and the server when a connection
is established. It is during the handshake that client and server
negotiate the encryption algorithms that they will use, and authenticate
one another.
The main features of the SSL handshake are:
- The client and server exchange information about the SSL version
number and the cipher suites that they both support.
- The server sends its certificate and other information to the
client. Some of the information is encrypted with the server's private
key. If the client can successfully decrypt the information with the
server's public key, it is assured of the server's identity.
- If client authentication is required, the client sends its certificate
and other information to the server. Some of the information is encrypted
with the client's private key. If the server can successfully decrypt
the information with the client's public key, it is assured of the
client's identity.
- The client and server exchange random information that each generates
and that is used to establish session keys. These are symmetric keys
used to encrypt and decrypt information during the SSL session.
The keys are also used to verify the integrity of the data.