Which sequence describes the TLS 1.2 handshake in the typical flow?

TLS 1.2 handshake is a step-by-step process that first authenticates the server and establishes how to protect the session, then switches to encrypted communication. The flow starts with the client offering what it supports, followed by the server choosing parameters, sending its identity, and optionally requesting a client certificate. If ephemeral key exchange is used, a ServerKeyExchange message carries the necessary math parameters (like DH or ECDH). After the server indicates the end of its hello phase, the client may send its own certificate if requested, then provides the key material with ClientKeyExchange. The handshake then moves into protected mode with ChangeCipherSpec and Finished, first from the client and then from the server, signaling that subsequent application data will be encrypted and integrity-protected. The sequence shown includes the essential steps in the typical flow: ClientHello, ServerHello, Certificate (server identity), optional ServerKeyExchange (for ephemeral key exchanges), optional CertificateRequest (if the server asks for a client cert), ServerHelloDone, ClientKeyExchange (and possibly CertificateVerify if a client cert is used), ChangeCipherSpec, and Finished, followed by the server’s ChangeCipherSpec and Finished. This arrangement captures the standard order and the optional steps, which is why it’s the best description of a typical TLS 1.2 handshake.