Review this information to understand the technology involved
in creating an SSL connection between a server and a client.
During an SSL handshake, a client and server securely
exchange digital signatures and encryption keys by using a public-key
algorithm (usually RSA). The client and server establish a secure
connection with this identity and key information. After the client
and server establish a secure session, they transmit the data to each
other, encrypting it with a symmetric algorithm, such as AES.
The client and server do the following steps during the SSL handshake:
- The client requests an SSL connection and includes a list of its
supported cipher suites in that request.
- The server responds by selecting a cipher suite from the list.
- The server sends its digital certificate to the client.
- The client authenticates the server certificate by checking with
the trusted certificate authority that issued the server certificate
or by checking its own key database.
- The client and server securely negotiate a session key and a message
authentication code (MAC).
- The client and server securely exchange information using the
key and the selected MAC.
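The first two steps above are visible on the wire: the ClientHello carries the offered cipher suites and the ServerHello carries the one the server selected. The following added example (not part of the original page) builds constructed TLS 1.2 handshake records, parses both messages and checks that the server's choice was actually among the client's offers, which is the check a client or a passive monitor performs to catch a broken or misbehaving server. Record layout follows RFC 5246; the suite name table is an assumed subset for display only.

```python
import struct

# IANA names for the suites used in the constructed sample (subset, for display).
CIPHER_SUITES = {
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
}

def _record(handshake_type, body):
    """Wrap a handshake body in a handshake header and a TLS 1.2 record header."""
    hs = bytes([handshake_type]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs   # 0x16 = handshake

def build_client_hello(suites):
    """Constructed ClientHello (step 1): version, zero random, empty session id, suites."""
    body = b"\x03\x03" + bytes(32) + b"\x00"
    body += struct.pack("!H", 2 * len(suites)) + b"".join(struct.pack("!H", s) for s in suites)
    body += b"\x01\x00"                                 # one compression method: null
    return _record(0x01, body)

def build_server_hello(suite):
    """Constructed ServerHello (step 2): the single suite the server selected."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!H", suite) + b"\x00"
    return _record(0x02, body)

def parse_hello(record):
    """Return (handshake_type, [cipher suites]) from a ClientHello or ServerHello record."""
    if record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    hs_len = int.from_bytes(record[3:5], "big")
    hs = record[5:5 + hs_len]
    if len(hs) != hs_len:
        raise ValueError("truncated record")
    hs_type, body_len = hs[0], int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + body_len]
    if len(body) != body_len:
        raise ValueError("truncated handshake message")
    pos = 35 + body[34]                                 # skip version, random, session id
    if hs_type == 0x01:                                 # ClientHello: length-prefixed list
        n = int.from_bytes(body[pos:pos + 2], "big")
        pos += 2
        suites = [int.from_bytes(body[pos + i:pos + i + 2], "big") for i in range(0, n, 2)]
    elif hs_type == 0x02:                               # ServerHello: exactly one suite
        suites = [int.from_bytes(body[pos:pos + 2], "big")]
    else:
        raise ValueError("unsupported handshake type %d" % hs_type)
    return hs_type, suites

def server_choice_is_valid(client_record, server_record):
    """Step 2 check: the selected suite must be one the client offered."""
    _, offered = parse_hello(client_record)
    _, chosen = parse_hello(server_record)
    return chosen[0] in offered
```

A server answering with a suite the client never offered is a protocol violation that a conforming client must reject with an alert; logging such events from a monitoring tap is a cheap way to spot broken middleboxes or tampering.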
The optional authentication of the client is not supported
during the SSL handshake.