How the SSL Handshake Works

-->>> The client initiates the handshake by sending a CLIENT HELLO message, which contains the SSL versions the client supports in order of preference, the cipher suites (cryptographic algorithms) the client supports, and a random number.

-->>> The server sends back a SERVER HELLO message, which contains the version number (the server selects an SSL version supported by both the server and the client), the cipher suite (the server selects the best cipher suite supported by both of them), a session ID, and random data.

-->>> The server also sends its PKI certificate, signed and verified by a Certificate Authority, to authenticate itself, along with the public key for encryption.

-->>> The server then sends SERVER HELLO DONE, indicating that it has finished sending its hello message and is waiting for a response from the client.

-->>> The client sends its certificate if the server has also requested client authentication in the server hello message.

-->>> The client sends a CLIENT KEY EXCHANGE message after calculating the premaster secret with the help of the random values of both the server and the client. This message is encrypted with the server's public key, which was shared through the hello message.
The server decrypts the premaster secret with its private key. Both client and server then perform a series of steps to generate the (symmetric) session keys, which are used to encrypt and decrypt the data exchanged during the SSL session and to verify its integrity.

-->>> The client sends a CHANGE CIPHER SUITE message informing the server that future messages will be encrypted using the session key.

-->>> The client sends a CLIENT FINISH (DONE) message indicating that the client is done.

-->>> The server also sends a CHANGE CIPHER SUITE message.

-->>> The client also sends a CLIENT FINISH (DONE) message.


