While SSL/TLS can be used with certificates on both ends, in practice this is very, very rare. Servers typically don't care who their clients are; thus they don't request client certificates. This is actually a good thing, otherwise the system would be unusable by the average user. Not to mention the client costs to maintain a certificate would make it financially completely impractical.
As far as snooping the SSL handshake goes, that won't gain you anything unless you know how to break the underlying cipher or have the server private key already. As mentioned in a few recent articles already, the underlying AES cipher is still mathematically sound, though the older 128-bit keys slowly get less and less secure, primarily through computational advances enabling brute-force attacks. I expect 128-bit AES to be completely replaced within 10 years, with more critical deployments already switching to 256-bit keys.