How does SSL/TLS work?
High-level description of the protocol
Some more detailsWhy can you trust Google.com by trusting GeoTrust?
So if I know the public key, the server can prove its identity?
But a CA can make me trust any server they want!
What is this MAC for message authentication?
You said the client sends a key, which is then used to setup symmetric encryption. What prevents an attacker from using it?