This figure shows the handshake messages for a typical SSL connection between a Web server and a browser.

  1. The client sends a Hello message to the server.

  2. The server responds by sending a Hello message to the client.

  3. The server sends its certificate to the client.

  4. The client authenticates the server using the server's certificate.

  5. The client generates a random value ("pre-master secret"), encrypts it using the server's public key, and sends it to the server.

  6. The server uses its private key to decrypt the message to retrieve the pre-master secret.

  7. The client and server separately calculate the keys that will be used in the SSL session.

  8. The client and server send a Finished message to each other.

  9. The client and server now transfer data using the encryption and hashing keys and algorithms.