Here’s a simple definition of how the SSL handshake works:
SSL uses asymmetric encryption to privately share a common password, which is used later in the communication for symmetric encryption.
- The client initiates the connection and tells the server that it wants to connect.
- The server sends its certificate to the client, along with a “public key”.
- The client receives the official certificate and checks that it is valid, then uses that public key (sent by the server) to encrypt a secret password (for symmetric encryption) for the communication.
- The server receives that encrypted message and uses its “private key” to decrypt it; it then uses the password to encrypt and decrypt the communication with “symmetric encryption”.
Voilà, I hope that this definition will help you grasp the basics.
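
The four steps above as an added Go example (not part of the original post, and a model of the exchange rather than the real SSL/TLS wire format). It assumes a constructed self-signed certificate for the placeholder host `server.example` that the client already trusts, and uses RSA-OAEP and AES-256-GCM as stand-ins for the ciphers a real library would negotiate; `handshake` and `must` are names chosen for this illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // setup failure (key generation, RNG), not a protocol error
	}
	return v
}

// handshake runs the four steps with a constructed certificate; host is the name the client meant to reach.
func handshake(host, msg string) (string, error) {
	priv := must(rsa.GenerateKey(rand.Reader, 2048)) // server's private key, never sent
	t := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"server.example"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	cert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, t, t, &priv.PublicKey, priv))))
	// Client: validate the certificate (trust anchor, dates, host name) before using its key.
	roots := x509.NewCertPool()
	roots.AddCert(cert) // assumption: the client already trusts this certificate
	if _, err := cert.Verify(x509.VerifyOptions{Roots: roots, DNSName: host}); err != nil {
		return "", fmt.Errorf("certificate rejected: %w", err)
	}
	// Client: random secret (32-byte AES key + 12-byte nonce), encrypted with the public key.
	km := make([]byte, 44)
	must(rand.Read(km))
	wrapped := must(rsa.EncryptOAEP(sha256.New(), rand.Reader, cert.PublicKey.(*rsa.PublicKey), km, nil))
	ct := must(cipher.NewGCM(must(aes.NewCipher(km[:32])))).Seal(nil, km[32:], []byte(msg), nil)
	// Server: recover the secret with the private key, then decrypt symmetrically.
	got, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return "", err
	}
	pt, err := must(cipher.NewGCM(must(aes.NewCipher(got[:32])))).Open(nil, got[32:], ct, nil)
	return string(pt), err
}

func main() {
	fmt.Println(handshake("server.example", "hello over the encrypted channel"))
}
```

Calling `handshake` with a host name other than `server.example` fails at the certificate check, before any secret is encrypted or sent.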