SSL also provides the ability for both the client and server to identify themselves, and it enables applications to refuse communication with unknown parties. This is accomplished with digital certificates, which are exchanged between the sockets before the connection is secured. The entire topic of digital certificates is beyond the scope of this article; however, I will touch on it briefly.
During the initialization of the SSL communication, the server sends its certificate to the client. The server's certificate includes identifying information and also the server's public key, which the client uses to set up the encrypted communication that follows. The client verifies the authenticity of the certificate to prove to itself that it is indeed communicating with the correct mail server; otherwise an error is thrown.

After the client has authenticated the server, the client may also supply a certificate to identify itself. This step is optional, but its purpose is to enable the server to authenticate the client. In an email system, for example, the server may be configured to communicate only with known clients. This level of security is not usually implemented because it requires special setup on each client as well as more administrative work on the server, which negates the transparency of SSL to the end user. Perhaps as email clients and servers get more robust they will make client authentication easier for users and administrators.
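The exchange described above, as an added example that is not code from the original article: a Go program built on the standard library's crypto/tls and crypto/x509 packages. It creates a throwaway CA, issues a certificate for a constructed mail server name (mail.example.test) and an optional client certificate, and then runs the handshake over loopback TCP in four configurations: server authenticated only, server certificate from a CA the client does not trust, server demanding a client certificate the client lacks, and full mutual authentication. The CA, the names, and the SMTP-style banner are all constructed for this example; the four scenarios go beyond the article's description by showing the error each side actually observes.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net"
	"time"
)

// Constructed names; nothing here refers to a real mail host.
const serverName = "mail.example.test"
const banner = "220 " + serverName + " ESMTP ready\r\n"

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newCA creates a throwaway self-signed CA to serve as the trust anchor.
func newCA(name string) (*x509.Certificate, *ecdsa.PrivateKey) {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: name},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	return must(x509.ParseCertificate(der)), key
}

// newLeaf issues an end-entity certificate signed by ca. A server certificate
// carries the DNS name the client checks; a client certificate carries only a
// subject plus the ClientAuth usage the server checks.
func newLeaf(name string, usage x509.ExtKeyUsage, ca *x509.Certificate, caKey *ecdsa.PrivateKey) tls.Certificate {
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: must(rand.Int(rand.Reader, big.NewInt(1<<62))),
		Subject: pkix.Name{CommonName: name}, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{usage}}
	if usage == x509.ExtKeyUsageServerAuth {
		tmpl.DNSNames = []string{name}
	}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey))
	return tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
}

// exchange runs one handshake over loopback TCP and reports what each side saw.
// The server sends a constructed SMTP banner once it accepts the client, so a
// client that the server rejects after the handshake still sees the failure on its read.
func exchange(serverCfg, clientCfg *tls.Config) (clientErr, serverErr error) {
	ln := must(net.Listen("tcp", "127.0.0.1:0"))
	defer ln.Close()
	done := make(chan error, 1)
	go func() {
		raw, err := ln.Accept()
		if err == nil {
			defer raw.Close()
			srv := tls.Server(raw, serverCfg)
			if err = srv.Handshake(); err == nil {
				_, err = srv.Write([]byte(banner))
			}
		}
		done <- err
	}()
	raw := must(net.Dial("tcp", ln.Addr().String()))
	defer raw.Close()
	cli := tls.Client(raw, clientCfg)
	if clientErr = cli.Handshake(); clientErr == nil {
		_, clientErr = io.ReadFull(cli, make([]byte, len(banner)))
	}
	return clientErr, <-done
}

// scenario wires a mail server and a client around one constructed CA and
// returns the error each side observed (nil means that side was satisfied).
func scenario(clientTrustsCA, serverRequiresClientCert, clientHasCert bool) (clientErr, serverErr error) {
	ca, caKey := newCA("Example Mail CA")
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	serverCfg := &tls.Config{MinVersion: tls.VersionTLS12,
		Certificates: []tls.Certificate{newLeaf(serverName, x509.ExtKeyUsageServerAuth, ca, caKey)}}
	if serverRequiresClientCert {
		serverCfg.ClientAuth, serverCfg.ClientCAs = tls.RequireAndVerifyClientCert, pool
	}
	clientCfg := &tls.Config{ServerName: serverName, RootCAs: pool, MinVersion: tls.VersionTLS12}
	if !clientTrustsCA { // empty trust store: the issuing CA is unknown to this client
		clientCfg.RootCAs = x509.NewCertPool()
	}
	if clientHasCert {
		clientCfg.Certificates = []tls.Certificate{newLeaf("alice", x509.ExtKeyUsageClientAuth, ca, caKey)}
	}
	return exchange(serverCfg, clientCfg)
}

func main() {
	c, s := scenario(true, true, false) // server demands a client certificate the client lacks
	fmt.Printf("client saw: %v\nserver saw: %v\n", c, s)
}
```

The arguments to scenario are, in order, whether the client trusts the issuing CA, whether the server requires a client certificate, and whether the client has one. Two points worth noticing when running it: the client's rejection of an untrusted server certificate surfaces as an x509.UnknownAuthorityError from Handshake(), while in TLS 1.3 the server checks the client's certificate only after the client has finished its side of the handshake, so a client the server refuses gets a successful Handshake() and learns of the rejection on its first read. That is why the client reads the banner instead of stopping after the handshake.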