SSL/TLS one-way and two-way authentication principle

Recently I have been working on a project that uses secure transmission, and I have studied SSL/TLS one-way and two-way authentication.
1. SSL/TLS one-way authentication: the client authenticates the identity of the server, but the server does not authenticate the client.
2. SSL/TLS two-way authentication: the client and the server authenticate each other, that is, they exchange certificates.
In general, applications use one-way authentication. If the scenario requires the identity of the client to be authenticated as well, two-way authentication can be used. The two-way authentication process is described below.

The authentication process

SSL messages are sent in the following order:
1. Client Hello
The client sends the server its information, including the cipher suites it supports; a cipher suite specifies the cipher algorithms and key sizes.
2. Server Hello
The server selects a cipher suite supported by both the client and the server and sends it to the client.
3. Certificate
The server sends a certificate or a certificate chain to the client; a certificate chain starts with the server's public key certificate and ends with the certificate of the root certification authority. This message is optional, but it must be sent when a server certificate is required.
4. Certificate Request
When the server needs to authenticate the client, it sends a certificate request to the client. In network programs, this message is rarely sent.
5. Server Key Exchange
The server sends a server key exchange message when the public key it has sent is not sufficient for key exchange.
6. Server Hello Done
The server tells the client that its initial flow of messages is complete.
7. Certificate
If the server requested a client certificate, the client sends its certificate chain. (Only sent when the server requested a client certificate.)
8. Client Key Exchange
The client generates a key for the symmetric algorithm. With RSA key exchange, the client encrypts this key with the server's public key and sends it to the server.
9. Certificate Verify
In network programs, this message is rarely sent; it is mainly used to let the server complete the authentication of the client. When this message is used, the client sends the server a message it has digitally signed using a cryptographic function, and once the server verifies that signature with the client's public key, it has authenticated the client.
10. Change Cipher Spec
The client sends a message telling the server to change the cipher mode.
11. Finished
The client tells the server that it is ready for secure data communication.
12. Change Cipher Spec
The server sends a message telling the client to change the cipher mode.
13. Finished
The server tells the client that it is ready for secure data communication. This is the last step of the client-server handshake protocol.
14. Encrypted data
The client and the server use the agreed symmetric encryption algorithm and cryptographic function, and encrypt the communication with the secret key that the client sent to the server.
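The 14 steps above are the TLS 1.2 handshake, so as an added example (my own code, not from the original post) here is a Go program that runs both variants in-process against throw-away self-signed certificates: with mutual=true the server sends the Certificate Request of step 4 and rejects a client that cannot complete steps 7 and 9, while with mutual=false the handshake succeeds but the server learns nothing about who the client is. The names server.example and client.example are constructed, and TLS 1.2 is pinned deliberately because that is the flow the steps describe.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"math/big"
	"net"
	"time"
)

// must panics on error: failing to mint a throw-away certificate is not something this demo recovers from.
func must[T any](v T, err error) T { if err != nil { panic(err) }; return v }

// selfSigned builds a throw-away ECDSA certificate for name, valid for both server and client authentication.
func selfSigned(name string) (tls.Certificate, *x509.Certificate) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), DNSNames: []string{name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth}}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}, must(x509.ParseCertificate(der))
}

// Handshake runs one TLS 1.2 handshake over an in-memory pipe: mutual makes the server demand a client certificate
// (two-way auth), clientPresents gives the client one to offer, clientName is the verified client identity ("" under one-way auth).
func Handshake(mutual, clientPresents bool) (srvErr, cliErr error, clientName string) {
	srvCert, srvLeaf := selfSigned("server.example")
	cliCert, cliLeaf := selfSigned("client.example")
	srvPool, cliPool := x509.NewCertPool(), x509.NewCertPool()
	srvPool.AddCert(cliLeaf) // trust anchor the server checks the client certificate against (steps 7 and 9)
	cliPool.AddCert(srvLeaf) // trust anchor the client checks the server chain against (step 3)
	// TLS 1.2 is pinned: its strictly alternating flights cannot deadlock on a synchronous net.Pipe.
	srvCfg := &tls.Config{Certificates: []tls.Certificate{srvCert}, ClientCAs: srvPool, MaxVersion: tls.VersionTLS12}
	if mutual { srvCfg.ClientAuth = tls.RequireAndVerifyClientCert } // adds step 4, the Certificate Request
	cliCfg := &tls.Config{RootCAs: cliPool, ServerName: "server.example", MaxVersion: tls.VersionTLS12}
	if clientPresents { cliCfg.Certificates = []tls.Certificate{cliCert} }
	srvConn, cliConn := net.Pipe()
	defer func() { srvConn.Close(); cliConn.Close() }()
	srv, srvDone := tls.Server(srvConn, srvCfg), make(chan error, 1)
	go func() { srvDone <- srv.Handshake() }() // server side, concurrently with the client handshake below
	cliErr = tls.Client(cliConn, cliCfg).Handshake()
	srvErr = <-srvDone
	if pc := srv.ConnectionState().PeerCertificates; srvErr == nil && len(pc) > 0 {
		clientName = pc[0].DNSNames[0] // only two-way auth hands the server a verified client identity
	}
	return srvErr, cliErr, clientName
}
```

Note that a client which merely holds a certificate gains nothing under one-way auth: the certificate is only sent when the server asks for it in step 4.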
