Handshake Protocol – Phase 2

• Most of this is optional

• Server sends it’s certificate (X.509s) if it needs to be authenticated

• server_key_exchange message is sent. This is a hash which includes nonces to prevent replay attacks

• Server can send a certificate_request message to the client

• Finally the server_done message (no parms) is always sent by the server to indicate the end of hello, authentication and exchange message

• Server waits for client response