Which of the following statements regarding the Secure Sockets Layer (SSL) security model are true? Each
correct answer represents a complete solution. (Choose two.)
A. The server always authenticates the client.
B. The client can optionally authenticate the server.
C. The server can optionally authenticate the client.
D. The client always authenticates the server.
In the SSL model of security, the client always authenticates the server, and the server has the option to
authenticate the client. In normal circumstances, Web servers do not authenticate the client during the
handshake process. The verification of the client can be done externally from the SSL session to reserve
precious processing resources for encrypted transactions.
The following image shows the steps SSL takes during the handshake process: