Client                                           Server

Key  ^ ClientHello
Exch | + server_certificate_type*
     | + client_certificate_type*
     | + key_share*
     v + signature_algorithms*       -------->
                                                ServerHello  ^ Key
                                               + key_share*  v Exch
                                      {EncryptedExtensions}  ^ Server
                                 {+ server_certificate_type*}| Params
                                 {+ client_certificate_type*}|
                                      {CertificateRequest*}  v
                                             {Certificate*}  ^
                                       {CertificateVerify*}  | Auth
                                                 {Finished}  v
                              <-------  [Application Data*]
     ^ {Certificate*}
Auth | {CertificateVerify*}
     v {Finished}             -------->
       [Application Data]     <------->  [Application Data]		
              +  Indicates noteworthy extensions sent in the
                 previously noted message.

              *  Indicates optional or situation-dependent
                 messages/extensions that are not always sent.

              {} Indicates messages protected using keys
                 derived from a [sender]_handshake_traffic_secret.

              [] Indicates messages protected using keys
                 derived from [sender]_application_traffic_secret_N.