ssl challenge response

Does the SSL protocol require a challenge to check whethe开发者_JS百科r the subjected machine has access to its private key?

I recommend reading the paper A first few milliseconds of an HTTPS connection. It describes the handshake quite well. You can also fire up wireshark and follow along.

Only in 2 way authentication. Take a peek at this image for the "standard" SSL handshaking and note the lack of a client private key (none is needed). In the 2 way authentication handshake the client must prove it's identity in the same way the server does as per that diagram.

In general the client doesn't need a private key since symmetric keys are created after the servers identity is verified.