SSL was originally developed to add security to HTTP. Over time, SSL was replaced with a more efficient and more secure protocol, called TLS. TLS handshakes are the basis of how HTTP creates a secure communication session. A TLS handshake occurs between the two participating entities—the client and the server. This process is shown in the following diagram:

A TLS handshake establishes a secure connection between the participating nodes. The following are the steps that are involved in this process:

1. The client sends a client hello message to the server. The message also contains the following:
   • The version of TLS that is used
   • The list of cipher suites supported by the client
   • A compression algorithm
   • A random byte string, identified by byte_client

2. The server sends a server hello message back to the client. The message also contains the following:
   • A cipher suite selected by the server from the list provided by the client
   • A session ID
   • A random byte string, identified by byte_server
   • A server digital certificate, identified by cert_server, containing the public key of the server
   • If the server requires a digital certificate for client authentication or a client certificate request, the client server request also includes the following:
     • The distinguished names of the acceptable CAs
     • The types of certificates supported
3. The client verifies cert_server.
4. The client generates a random byte string, identified by byte_client2, and encrypts it with the public key of the server provided through cert_server.
5. The client generates a random byte string and identifies encrypts with its own private key.
6. The server verifies the client certificate.
7. The client sends a finished message to the server, which is encrypted with a secret key.
8. To acknowledge this from the server side, the server sends a finished message to the client, which is encrypted with a secret key.
9. The server and client have now established a secure channel. They can now exchange messages that are symmetrically encrypted with the shared secret key. The entire methodology is shown as follows:

Now, let's discuss how we can use asymmetric encryption to create Public Key Infrastructure (PKI), which is created to meet one or more security goals for an organization.