12.2 TLS Handshake Protocol
The GnuTLS handshake protocol is implemented as a state machine that waits for input or returns immediately when the non-blocking transport layer functions are used. The main idea is shown in the following figure.
[Figure: gnutls-handshake-state]
Also, the way the input is processed varies per ciphersuite. Several implementations of the internal handlers are available, and gnutls_handshake only multiplexes the input to the appropriate handler. For example, a PSK ciphersuite has a different implementation of process_client_key_exchange than a certificate ciphersuite.
[Figure: gnutls-handshake-sequence]
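The two ideas above, a resumable state machine and per-ciphersuite dispatch of process_client_key_exchange, are sketched below as an added example; it is a simplified model, not GnuTLS source code. The names model_handshake, feed, the HS_* codes, the struct layout and the message formats are assumptions made for illustration.

```c
#include <stddef.h>

enum { HS_OK = 0, HS_AGAIN = -1, HS_FATAL = -2 };   /* model return codes */
enum kx { KX_PSK, KX_CERT };
enum hs_state { ST_HELLO, ST_KEY_EXCHANGE, ST_FINISHED, ST_DONE };

struct session {
    enum hs_state st;        /* survives across calls, so a retry resumes here */
    enum kx kx;              /* key exchange selected by the ciphersuite */
    const unsigned char *in; size_t in_len;  /* one buffered message, NULL if none */
    int handled_by;          /* which handler ran, -1 until key exchange */
};

/* PSK handler (constructed format): 1-byte length followed by the identity. */
static int psk_process_client_kx(struct session *s, const unsigned char *m, size_t n) {
    if (n < 1 || (size_t)m[0] != n - 1) return HS_FATAL;
    s->handled_by = KX_PSK;
    return HS_OK;
}
/* Certificate handler (constructed format): 2-byte big-endian length, then key data. */
static int cert_process_client_kx(struct session *s, const unsigned char *m, size_t n) {
    if (n < 2 || (((size_t)m[0] << 8) | m[1]) != n - 2) return HS_FATAL;
    s->handled_by = KX_CERT;
    return HS_OK;
}
typedef int (*kx_handler)(struct session *, const unsigned char *, size_t);
static const kx_handler process_client_key_exchange[] = {
    [KX_PSK] = psk_process_client_kx, [KX_CERT] = cert_process_client_kx };

/* Resume the handshake; returns HS_AGAIN instead of blocking when input runs out. */
int model_handshake(struct session *s) {
    while (s->st != ST_DONE) {
        if (s->in == NULL) return HS_AGAIN;          /* non-blocking: caller retries */
        const unsigned char *m = s->in; size_t n = s->in_len; int ret;
        s->in = NULL;                                /* message consumed */
        switch (s->st) {
        case ST_HELLO:    s->st = ST_KEY_EXCHANGE; break;
        case ST_KEY_EXCHANGE:                        /* multiplex on ciphersuite */
            if ((ret = process_client_key_exchange[s->kx](s, m, n)) != HS_OK) return ret;
            s->st = ST_FINISHED; break;
        case ST_FINISHED: s->st = ST_DONE; break;
        default:          return HS_FATAL;
        }
    }
    return HS_OK;
}
/* Deliver one constructed message from the "transport" and run the machine. */
int feed(struct session *s, const unsigned char *m, size_t n) {
    s->in = m; s->in_len = n;
    return model_handshake(s);
}
```

A malformed key exchange message is rejected by the selected handler with HS_FATAL and the state does not advance, so a PSK-shaped message sent on a certificate session never reaches ST_FINISHED.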