"A VPN SSL connection is established through a process known as a handshake. It starts when the client sends a 'Hello' message, which contains the SSL version that the client supports, the order the client prefers the versions, crypto algorithms supported by the client, and a random number. The server responds with its Hello message with similar information and the Session ID. It also sends an authentication certificate known as a PKI. The client will then send its certificate if the server has also requested client authentication in the server hello message. Next, the client will send a Client Key Exchange (CKE) message after calculating the premaster using the random values exchanged by the server and client, encrypting it with the server's public key. The server can decrypt the premaster secret using its private key. Both client and server perform symmetric series of steps generating session keys that encrypt and decrypt data exchanged during the SSL session. The client sends a Change Cipher Suite message letting the server know that future messages will be encrypted using the session key. Once the handshake is completed, the client sends a Client Finish message, both before and after the server acknowledges the Change Cipher Suite message."