Establishing a Secure Session

An SSL session is established in the following sequence:
  1. The client and the server exchange hello messages to negotiate the encryption algorithm and hashing function (for message integrity) to be used for the session.
  2. The client requests an X.509 certificate from the server to verify the identity of the server. Optionally, the server can request a certificate from the client (known as Client Authentication). Certificates are verified by checking the certificate format and the validity dates, and by verifying that the certificate is signed by a trusted certificate authority (or is self-signed).
  3. The client randomly generates a set of keys to be used for encryption. The keys are encrypted with the server's public key and are securely communicated to the server.
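The first two steps are the ones an application actually controls: what the hello messages may negotiate, and whether the server certificate is really verified against a trusted CA and its validity dates (step 3, key generation and key transport, happens inside the TLS library). The example below is added here and is not part of the original document; it uses only the Python standard library `ssl` module, and the certificate dict is a constructed sample shaped like what `getpeercert()` returns, not a real certificate.

```python
import ssl
import time

# Constructed sample shaped like ssl.SSLSocket.getpeercert() output for a
# verified peer; all values are made up for this example.
SAMPLE_CERT = {
    "subject": ((("commonName", "server.example.test"),),),
    "issuer": ((("commonName", "Example Test CA"),),),
    "notBefore": "Jan  1 00:00:00 2024 GMT",
    "notAfter": "Jan  1 00:00:00 2030 GMT",
    "serialNumber": "01",
}


def build_client_context(ca_file=None, client_cert=None, client_key=None):
    """Client-side context covering steps 1 and 2 of the handshake.
    Optional client_cert/client_key enable Client Authentication."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Step 1: bound what the hello messages may negotiate.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")
    # Step 2: the server certificate must chain to a trusted CA and
    # match the requested hostname, or the handshake fails.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # private/internal CA
    else:
        ctx.load_default_certs()  # system trust store
    if client_cert:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def context_policy(ctx):
    """Summarise the negotiation and verification settings of a context."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def validity_status(cert, now=None):
    """Re-check the validity window of a peer certificate dict (step 2).
    Returns 'not_yet_valid', 'expired' or 'valid'."""
    now = time.time() if now is None else now
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now < not_before:
        return "not_yet_valid"
    if now > not_after:
        return "expired"
    return "valid"
```

After a real connection, `sock.getpeercert()` yields the dict that `validity_status` expects; the library already enforces the window during the handshake, so this check is useful mainly for logging or for inspecting a saved certificate.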