Wednesday, July 07, 2010

60K-feet view of SSL handshake

SSL needs a handshake before data can flow through the SSL pipe. Here is roughly what happens between a client and a server during that handshake:
  1. The client initiates SSL by sending a "Client Hello" message to the server over the TCP connection. This message lists the client's supported cipher suites, the SSL version it supports, etc.
  2. The server responds with a "Server Hello" message indicating the cipher suite it has chosen and a session ID.
  3. The server then sends its certificate. At this point the client may hand that certificate off for verification, and whether the connection continues may depend on the outcome of that verification.
  4. Optional step: if 2-way SSL is enabled, the server also sends a "Client Certificate Challenge" message.
  5. Optional step: if 2-way SSL is enabled, then on receipt of the "Client Certificate Challenge" message the client sends its certificate. At this point the server may hand that certificate off for verification, and whether the connection continues may depend on the outcome.
  6. The client then sends a shared key in a "Client Key Exchange" message, encrypted with the server's public key.
  7. Optional step: if 2-way SSL is enabled, the client sends a "Certificate Verification" message. This is what authenticates the client to the server: the client signs the shared key with its private key, and when the server receives this signature it verifies it with the public key it received in step 5.
  8. The client and server then send "Cipher Exchange" messages to signal that they are ready to exchange data using the shared key.
  9. The client and server then send "Handshake finish" messages. This message contains a hash of the entire conversation so far. Once it has been received successfully at both ends, real communication can begin.
From then on, all communication is encrypted with the shared key.
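The nine steps above, as an added example that is not part of the original post and uses no real SSL library. It models both sides of the exchange in plain Python (standard library only) so the two checks a defender cares about are visible: the certificate check in steps 3 and 5, and the transcript hash carried by the final messages in step 9. Everything cryptographic is a stand-in and an assumption of this example: textbook RSA over small, publicly known Mersenne primes plays the role of certificates and the "Client Key Exchange" encryption, SHA-256 is the transcript hash, and an HMAC stands in for the record encryption. The client's "Certificate Verification" signature here covers the handshake transcript, which is what the TLS specification signs. The party names, the `downgrade` function and the message labels are constructed for the demo; nothing here is secure and none of it is the post author's code.

```python
import hashlib
import hmac
import os

# Toy primitives (assumptions, not from the post): textbook RSA over known Mersenne
# primes stands in for real certificates, SHA-256 is the transcript hash and HMAC
# stands in for record protection. Demonstrative only; nothing here is secure.
E = 65537

def rsa_keypair(p, q):
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, E), (n, pow(E, -1, phi))            # (public, private)

def h8(data):                                      # 64-bit digest, below every toy modulus
    return int.from_bytes(hashlib.sha256(data).digest()[:8], "big")

def rsa_sign(priv, data):
    n, d = priv
    return pow(h8(data), d, n)

def rsa_verify(pub, data, sig):
    n, e = pub
    return pow(sig, e, n) == h8(data)

def make_cert(subject, pub, ca_priv):             # "certificate" = subject + key signed by a CA
    body = f"{subject}|{pub[0]}|{pub[1]}".encode()
    return {"pub": pub, "body": body, "sig": rsa_sign(ca_priv, body)}

def cert_trusted(cert, trust_store):              # does any trusted CA vouch for this cert?
    return any(rsa_verify(ca_pub, cert["body"], cert["sig"]) for ca_pub in trust_store)

def thash(transcript):                             # hash of every handshake message so far
    return hashlib.sha256(b"".join(transcript)).digest()

def finished(key, transcript, label):              # Finished = MAC(key, transcript hash)
    return hmac.new(key, label + thash(transcript), hashlib.sha256).digest()

def payload(msg):                                   # bytes after the "Label:" prefix
    return msg.split(b":", 1)[1]

def handshake(server, client, mitm=None):
    """Run the handshake. server/client carry 'cert', 'priv' and 'trust' (a list of CA
    public keys); client['cert'] is None for one-way SSL. mitm, if given, rewrites
    client->server messages in flight to show what the Finished check catches."""
    mitm = mitm or (lambda m: m)
    ct, st = [], []                                 # each side keeps its own transcript
    def c2s(msg): ct.append(msg); st.append(mitm(msg))
    def s2c(msg): st.append(msg); ct.append(msg)
    c2s(b"ClientHello:TLS1.2:RSA-AES128-SHA256,RSA-AES256-SHA256")   # 1. offered suites/version
    s2c(b"ServerHello:RSA-AES128-SHA256:" + os.urandom(4))           # 2. chosen suite, session id
    s2c(b"Certificate:" + server["cert"]["body"])                    # 3. server certificate
    if not cert_trusted(server["cert"], client["trust"]):            #    client verifies it first
        return {"ok": False, "reason": "server certificate not trusted"}
    mutual = client["cert"] is not None
    if mutual:
        s2c(b"CertificateRequest")                                   # 4. server asks for a cert
        c2s(b"Certificate:" + client["cert"]["body"])                # 5. client sends its cert
        if not cert_trusted(client["cert"], server["trust"]):
            return {"ok": False, "reason": "client certificate not trusted"}
    premaster = int.from_bytes(os.urandom(8), "big")                 # 6. ClientKeyExchange:
    n, e = server["cert"]["pub"]                                     #    secret encrypted to the
    c2s(b"ClientKeyExchange:" + pow(premaster, e, n).to_bytes(16, "big"))  # server's public key
    n, d = server["priv"]
    s_premaster = pow(int.from_bytes(payload(st[-1]), "big"), d, n)  #    server decrypts it
    if mutual:                                                       # 7. CertificateVerify:
        c2s(b"CertificateVerify:" + rsa_sign(client["priv"], thash(ct)).to_bytes(16, "big"))
        sig = int.from_bytes(payload(st[-1]), "big")                 #    checked with the key
        if not rsa_verify(client["cert"]["pub"], thash(st[:-1]), sig):  # from step 5
            return {"ok": False, "reason": "client CertificateVerify failed"}
    ckey = hashlib.sha256(b"master" + premaster.to_bytes(16, "big")).digest()
    skey = hashlib.sha256(b"master" + s_premaster.to_bytes(16, "big")).digest()
    c2s(b"ChangeCipherSpec")                                         # 8. switch to the shared key
    cfin = finished(ckey, ct, b"client finished")                    # 9. Finished: each peer
    if not hmac.compare_digest(cfin, finished(skey, st, b"client finished")):  # recomputes it
        return {"ok": False, "reason": "transcript mismatch in client Finished"}  # over its OWN
    c2s(b"Finished:" + cfin)                                         #    transcript, so anything
    s2c(b"ChangeCipherSpec")                                         #    altered in flight shows
    sfin = finished(skey, st, b"server finished")                    #    up here
    if not hmac.compare_digest(sfin, finished(ckey, ct, b"server finished")):
        return {"ok": False, "reason": "transcript mismatch in server Finished"}
    s2c(b"Finished:" + sfin)
    return {"ok": True, "mutual": mutual, "key": ckey}

def demo_parties(mutual=True):
    """Constructed demo parties: one CA trusted by both sides, a server and a client."""
    ca_pub, ca_priv = rsa_keypair(2**89 - 1, 2**19 - 1)
    s_pub, s_priv = rsa_keypair(2**31 - 1, 2**61 - 1)
    c_pub, c_priv = rsa_keypair(2**107 - 1, 2**17 - 1)
    server = {"cert": make_cert("server.example", s_pub, ca_priv), "priv": s_priv, "trust": [ca_pub]}
    client = {"cert": make_cert("client.example", c_pub, ca_priv) if mutual else None,
              "priv": c_priv, "trust": [ca_pub]}
    return server, client

def downgrade(msg):                                 # constructed in-path edit of the ClientHello
    return msg.replace(b",RSA-AES256-SHA256", b"") if msg.startswith(b"ClientHello") else msg

if __name__ == "__main__":
    print(handshake(*demo_parties()))                                # ok: True, mutual: True
    print(handshake(*demo_parties(mutual=False), mitm=downgrade))    # caught at the Finished step
```

Running it with `mitm=downgrade` shows why step 9 matters: the server's copy of the transcript no longer matches the client's, so the client's Finished MAC fails to verify and the session never starts, even though the keys on both sides agree. With 2-way SSL enabled the same tampering is caught one step earlier, at "Certificate Verification", because that signature also covers the transcript. Emptying a party's trust store shows the step 3 and step 5 outcomes the post describes.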