SSL Handshake With Two Way Authentication with Certificates
Author: Christian Friedrich. GNU Free Documentation License, Creative Commons Attribution ShareAlike 3.0

[Sequence diagram between Client and Server, labelled Phase 1, Phase 2, Phase 3 and Phase 4. The diagram's labels, in order:]

Client: generate random number RNC
Client -> Server: client_hello (crypto information, RNC)
Server: generate random number RNS
Server -> Client: server_hello (crypto information, RNS)
(Client and Server now both hold RNC and RNS)
Server -> Client: server certificate
Server -> Client: demand client certificate
Client: check server certificate
Known information: public key server, private key server, RNC, RNS, public key client, private key client
Client -> Server: client certificate
Server: check client certificate
Client -> Server: client certificate (encrypted with Private Key Client)
Server: check encrypted client certificate
Client: generate random number pre-master-secret PMS
Client -> Server: send PMS encrypted with public key server
(Client and Server now both hold RNC, RNS and PMS)
Client and Server: calculate Master-Secret (MS) with PMS, RNS, RNC
Client and Server: change to encrypted connection with MS as key
end SSL handshake
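
The "calculate Master-Secret with PMS RNS RNC" step, as an added example that is not part of the original diagram. It assumes the TLS 1.2 PRF with HMAC-SHA256 (RFC 5246) and an RSA-style pre-master-secret; the function names are hypothetical.

```python
import hashlib
import hmac
import os

MASTER_SECRET_LEN = 48  # RFC 5246 section 8.1: the master secret is always 48 bytes


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion from RFC 5246 section 5, with HMAC-SHA256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def master_secret(pms: bytes, rnc: bytes, rns: bytes) -> bytes:
    """MS = PRF(PMS, "master secret", RNC + RNS), truncated to 48 bytes."""
    if len(rnc) != 32 or len(rns) != 32:
        raise ValueError("RNC and RNS must be 32 bytes each")
    if not pms:
        raise ValueError("PMS must not be empty")
    # Label and seed are concatenated before expansion; client random comes first.
    return p_sha256(pms, b"master secret" + rnc + rns, MASTER_SECRET_LEN)


def new_rsa_pre_master_secret() -> bytes:
    """Client side: 2-byte protocol version (TLS 1.2 = 03 03) plus 46 random bytes."""
    return b"\x03\x03" + os.urandom(46)


def demo() -> bool:
    """Constructed values: both sides derive MS from the same three inputs."""
    rnc = os.urandom(32)  # sent in client_hello
    rns = os.urandom(32)  # sent in server_hello
    pms = new_rsa_pre_master_secret()  # sent encrypted with public key server
    ms_client = master_secret(pms, rnc, rns)
    ms_server = master_secret(pms, rnc, rns)  # server side, after decrypting PMS
    return hmac.compare_digest(ms_client, ms_server)


if __name__ == "__main__":
    print("both sides derived the same MS:", demo())
```

RNC and RNS cross the wire in the clear, so the secrecy of MS rests entirely on PMS, which only the holder of the server's private key can decrypt.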