“Client” and “server” are just an abstraction, the names of roles given to parties in an exchange, and they’re totally relative: the client is typically the one initiating the exchange, and the server the receiver / responser.

Another way to put it is the server provides an API, and the client consumes it or calls it.

A given party can play the role of client in one case or serve the request (and play the role of server) in another, as servers are frequently clients of other services.

Most communications are secured using TLS, a transport-level protocol for authenticating a server to a client and encrypting communications between them. Occasionally parties make use of mutual TLS (mTLS), where both parties authenticate each other.

Client-client would imply point-to-point communication, like a peer-to-peer protocol, which is very rare.

Even end-to-end encryption between peers is often federated and relayed between some central, authoritative service. The Signal protocol is an example of a non-federated protocol, and yet in practice it still requires a centralized service through which clients who are peers route their communications and which authenticates clients, although it doesn’t know what the clients are telling each other.