The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping（窃听）, tampering（篡改）, or message forgery（伪造）.
The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol.
The TLS Handshake Protocol involves the following steps:
- Exchange hello messages to agree on algorithms, exchange random values, and check for session resumption.
- Exchange the necessary cryptographic parameters to allow the client and server to agree on a premaster secret.
- Exchange certificates and cryptographic information to allow the client and server to authenticate themselves.
- Generate a master secret from the premaster secret and exchanged random values.
- Provide security parameters to the record layer.
- Allow the client and server to verify that their peer has calculated the same security parameters and that the handshake occurred without tampering by an attacker.
双因素认证（the parties are mutually authenticated）:
resumed from Session ID
session identifier: An arbitrary byte sequence chosen by the server to identify an active or resumable session state.
“Server Hello” message contains a 32 byte session ID in case we want to reconnect without a big handshake.
The client sends a
ClientHello using the Session ID of the session to be resumed.
The server then checks its session cache for a match.
If a match is found, and the server is willing to re-establish the connection under the specified session state, it will send a
ServerHello with the same Session ID value.
At this point, both client and server MUST send
ChangeCipherSpec messages and proceed directly to Finished messages.
Once the re-establishment is complete, the client and server MAY begin to exchange application layer data.
If a Session ID match is not found, the server generates a new session ID, and the TLS client and server perform a full handshake.
1. Message Flow with SupplementalData 2. Double Handshake to Protect Supplemental Data