In mutual authentication/two way ssl over HTTPS, is the client certificate passed each time to the server with every call?

StackOverflow https://stackoverflow.com//questions/25069849

Question

Also, is the server certificate also passed each time for every response?

And is there any particular link/book where I can do more reading specifically about these things?

Thanks.

Solution

With a full handshake, the complete certificates are transferred. If the SSL session then gets a proper SSL shutdown before terminating the underlying TCP connection, and if client and server support it, this session can later be resumed. In this case, only the session ticket gets exchanged and not the full certificates again.

There are lots of resources which describe this if you search for "SSL handshake", e.g. http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html
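The behaviour described in the answer can be observed directly. The following is an added example, not part of the original answer: it runs a mutually authenticated handshake twice in memory and counts the cleartext Certificate messages each time. It assumes the `openssl` CLI is available to create throwaway certificates and pins TLS 1.2 so the handshake messages are readable; all function names are the example's own.

```python
import contextlib, os, ssl, subprocess, tempfile

def make_cert(d, cn):  # throwaway self-signed cert, constructed for this demo (needs openssl CLI)
    crt, key = os.path.join(d, cn + ".crt"), os.path.join(d, cn + ".key")
    subprocess.run(["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
                    "-subj", "/CN=" + cn, "-addext", "subjectAltName=DNS:" + cn,
                    "-keyout", key, "-out", crt], check=True, capture_output=True)
    return crt, key

def cert_msgs(stream):
    """Count cleartext Certificate (type 11) handshake messages in one side's TLS 1.2 bytes."""
    hs, i, n, j = b"", 0, 0, 0
    while i + 5 <= len(stream) and stream[i] != 20:   # stop at ChangeCipherSpec
        rlen = int.from_bytes(stream[i + 3:i + 5], "big")
        if stream[i] == 22:                           # handshake record
            hs += stream[i + 5:i + 5 + rlen]
        i += 5 + rlen
    while j + 4 <= len(hs):                           # walk type(1) + length(3) headers
        n += hs[j] == 11
        j += 4 + int.from_bytes(hs[j + 1:j + 4], "big")
    return n

def handshake(cli, srv, session=None):
    """One in-memory handshake; returns (client SSLObject, Certificate messages seen)."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    c = cli.wrap_bio(c_in, c_out, server_hostname="localhost", session=session)
    s = srv.wrap_bio(s_in, s_out, server_side=True)
    sent, done = {c: b"", s: b""}, set()
    while len(done) < 2:
        for side, out, peer_in in ((c, c_out, s_in), (s, s_out, c_in)):
            with contextlib.suppress(ssl.SSLWantReadError):
                side.do_handshake()
                done.add(side)
            sent[side] += (data := out.read())        # record what this side put on the wire
            peer_in.write(data)
    return c, sum(cert_msgs(b) for b in sent.values())

def demo():
    with tempfile.TemporaryDirectory() as d:
        (s_crt, s_key), (c_crt, c_key) = make_cert(d, "localhost"), make_cert(d, "client")
        srv = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
        srv.load_cert_chain(s_crt, s_key)
        srv.verify_mode = ssl.CERT_REQUIRED           # mutual TLS: client cert is mandatory
        srv.load_verify_locations(c_crt)
        cli = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        cli.load_cert_chain(c_crt, c_key)
        cli.load_verify_locations(s_crt)
        cli.maximum_version = ssl.TLSVersion.TLSv1_2  # keeps handshake messages readable
        c1, full = handshake(cli, srv)
        c2, resumed = handshake(cli, srv, session=c1.session)
        return (c1.session_reused, full), (c2.session_reused, resumed)
```

`demo()` returns `((False, 2), (True, 0))`: the full handshake carries one Certificate message from each side, and the resumed handshake carries none.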

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow