When the server requests client authentication, three additional handshake messages are added to the
normal SSL/TLS handshake. This applies to the Transport Layer Security (TLS) 1.0, TLS 1.1, and TLS 1.2
handshake flows with client authentication:
Before the server sends the SERVER_DONE command, it sends a CERTIFICATE_REQUEST command to
request the client certificate. The command lists the names of the certificate authorities (CAs)
that the server trusts (and, in TLS 1.2, the signature algorithms that the server accepts) so that
the client can select a certificate that is signed by one of those CAs. If the client has no such
certificate, it sends an empty CERTIFICATE command; the server then either continues without client
authentication or ends the handshake with an alert, depending on its configuration.
The client sends a CERTIFICATE command that contains its certificate, together with any intermediate
CA certificates that are needed to build a chain to a CA that the server trusts.
The client sends a CERTIFICATE_VERIFY command to the server. This command contains a signature,
produced with the client's private key, over a digest of all handshake messages that have been
exchanged so far. The server calculates the same digest from its own record of the handshake
messages and uses the client's public key, which it obtains from the client's certificate, to
verify the signature. A valid signature proves that the client holds the private key that belongs
to the certificate it presented; the CERTIFICATE command alone proves nothing, because a certificate
is public and could be replayed by anyone. Separately from this signature check, the server validates
the certificate chain against the CAs it trusts and checks the certificate's validity period and,
where configured, its revocation status.
Figure 1 shows the updated handshake flow.
Figure 1. Handshake flow with client authentication
The handshake flow with client authentication for TLS 1.3 is different from the flow shown in the previous
figure: the CERTIFICATE_REQUEST, CERTIFICATE, and CERTIFICATE_VERIFY messages still exist, but they are sent
encrypted after the SERVER_HELLO, and TLS 1.3 also allows the server to request client authentication after
the handshake has completed (post-handshake authentication). For more information, see RFC 8446.