Ecommerce Implementation

SSL connection

1) First, the server authenticates itself to the client by sending its properly signed certificate. This phase is mandatory.

2) The client takes the server's certificate and creates a master key (session key). The client then encrypts this master key with the server's public key.

3) The client transmits the encrypted master key (session key) to the server.

4) The server checks this master key (session key) and creates the session.

5) The remainder of the session (all remaining information) is encrypted using the master key (session key).

6) The optional client authentication phase occurs after the initial phase. In this phase, the server sends a challenge-response message.

7) The client proves its identity by returning the original challenge, the client's digital signature, and the client's public key.
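Added example (not from the original page): how the mandatory server authentication of step 1 and the optional client authentication of steps 6 and 7 appear as settings in Python's standard `ssl` module, with a weak client configuration beside the default one. The function names `client_context`, `server_context` and `review` are illustrative, and the module negotiates TLS, the successor to SSL.

```python
import ssl

def client_context(verify_server=True):
    """Client side of step 1: validate the certificate the server sends."""
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH)
    if not verify_server:
        # Weak setting, included only so review() has something to flag.
        ctx.check_hostname = False       # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def server_context(client_auth="none"):
    """Server side of steps 6-7: is the client asked to prove its identity?"""
    modes = {
        "none": ssl.CERT_NONE,           # optional phase skipped
        "optional": ssl.CERT_OPTIONAL,   # certificate requested, not enforced
        "required": ssl.CERT_REQUIRED,   # handshake fails without one
    }
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.verify_mode = modes[client_auth]
    # A deployed server also calls ctx.load_cert_chain(...) with its own
    # certificate and key, and load_verify_locations(...) with the client CA.
    return ctx

def review(ctx, role):
    """Return notes on how a context treats the two authentication phases."""
    notes = []
    if role == "client":
        if ctx.verify_mode != ssl.CERT_REQUIRED:
            notes.append("server certificate is not verified (step 1 bypassed)")
        if not ctx.check_hostname:
            notes.append("certificate name is not matched against the host")
    elif role == "server":
        if ctx.verify_mode == ssl.CERT_NONE:
            notes.append("client authentication phase disabled (steps 6-7)")
        elif ctx.verify_mode == ssl.CERT_OPTIONAL:
            notes.append("client certificate requested but not enforced")
    return notes

if __name__ == "__main__":
    for label, ctx, role in [
        ("default client", client_context(), "client"),
        ("weak client", client_context(verify_server=False), "client"),
        ("server, no client auth", server_context("none"), "server"),
        ("server, client auth required", server_context("required"), "server"),
    ]:
        print(label, "->", review(ctx, role) or "ok")
```

A client context that reports either note accepts any server's certificate, so the master key of step 2 can end up encrypted to a public key whose owner was never checked.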