Which of the following statements regarding the Secure Sockets Layer (SSL) security model are true?
Each correct answer represents a complete solution. Choose two.
A.
The server always authenticates the client.
B.
The client can optionally authenticate the server.
C.
The server can optionally authenticate the client.
D.
The client always authenticates the server.
Explanation:
In the SSL model of security, the client always authenticates the server, and the server has the
option to authenticate the client. In normal circumstances, Web servers do not authenticate the
client during the handshake process. The verification of the client can be done externally from the
SSL session to reserve precious processing resources for encrypted transactions. The following image
shows the steps SSL takes during the handshake process :
