The TLS 1.2 Handshake
Communication using SSL begins with an exchange of information between the client and the server. This exchange of information is called the SSL handshake. The SSL handshake includes the following stages:
1. Negotiating the cipher suite
The SSL session begins with a negotiation between the client and the server as to which cipher suite they will use. Acipher
suite is a set of cryptographic algorithms and key sizes that a computer can use to encrypt
data. The cipher suite includes information about the public key exchange algorithms or key
agreement algorithms, and cryptographic hash functions. The client tells the server which cipher
suites it has available, and the server chooses the best mutually acceptable cipher suite.2. Authenticating the server's identity (optional)
In SSL, the authentication step is optional, but in the example of an e-commerce transaction over the web, the client will generally want to authenticate the server. Authenticating the server allows the client to be sure that the server represents the entity that the client believes the server represents.To prove that a server belongs to the organization that it claims to represent, the server presents its public key certificate to the client. If this certificate is valid, then the client can be sure of the identity of the server.
The client and server exchange information that allows them to agree on the same secret key. For example, with RSA, the client uses the server's public key, obtained from the public key certificate, to encrypt the secret key information. The client sends the encrypted secret key information to the server. Only the server can decrypt this message because the server's private key is required for this decryption.