The SSL handshake is an exchange of information that takes place between
the client and the server when a connection is established. It is during the
handshake that client and server negotiate the encryption algorithms that
they will use, and authenticate one another. The main features of the SSL
handshake are:
- The client and server exchange information about the SSL version number
and the cipher suites that they both support.
- The server sends its certificate and other information to the client.
Some of the information is encrypted with the server's private key. If the
client can successfully decrypt the information with the server's public key,
it is assured of the server's identity.
- If client authentication is required, the client sends its certificate
and other information to the server. Some of the information is encrypted
with the client's private key. If the server can successfully decrypt the
information with the client's public key, it is assured of the client's identity.
- The client and server exchange random information which each generates
and which is used to establish session keys: these are symmetric keys which
are used to encrypt and decrypt information during the SSL session. The keys
are also used to verify the integrity of the data.