Table of Contents
Advertisement
SSL Handshake Procedure
The following procedure is an example of the standard steps required to establish an SSL
session between a user and an SRA gateway using the SRA Web-based management
interface:
When a user attempts to connect to the SRA appliance, the user's Web browser sends
Step 1
information about the types of encryption supported by the browser to the appliance.
The appliance sends the user its own encryption information, including an SSL certificate with
Step 2
a public encryption key.
The Web browser validates the SSL certificate with the Certificate Authority identified by the
Step 3
SSL certificate.
The Web browser generates a pre-master encryption key, encrypts the pre-master key using
Step 4
the public key included with the SSL certificate and sends the encrypted pre-master key to the
SRA gateway.
The SRA gateway uses the pre-master key to create a master key and sends the new master
Step 5
key to the user's Web browser.
The browser and the SRA gateway use the master key and the agreed upon encryption
Step 6
algorithm to establish an SSL connection. From this point on, the user and the SRA gateway
will encrypt and decrypt data using the same encryption key. This is called symmetric
encryption.
Once the SSL connection is established, the SRA gateway will encrypt and send the Web
Step 7
browser the SRA gateway login page.
The user submits his user name, password, and domain name.
Step 8
If the user's domain name requires authentication through a RADIUS, LDAP, NT Domain, or
Step 9
Active Directory Server, the SRA gateway forwards the user's information to the appropriate
server for authentication.
Once authenticated, the user can access the SRA portal.
Step 10
IPv6 Support Overview
Internet Protocol version 6 (IPv6) is a replacement for IPv4 that is becoming more frequently
used on networked devices. IPv6 is a suite of protocols and standards developed by the
Internet Engineering Task Force (IETF) that provides a larger address space than IPv4,
additional functionality and security, and resolves IPv4 design issues. You can use IPv6
without affecting IPv4 communications.
IPv6 supports stateful address configuration, which is used with a DHCPv6 server, and
stateless address configuration, where hosts on a link automatically configure themselves with
IPv6 addresses for the link, called link-local addresses.
In IPv6, source and destination addresses are 128 bits (16 bytes) in length. For reference, the
32-bit IPv4 address is represented in dotted-decimal format, divided by periods along 8-bit
boundaries. The 128-bit IPv6 address is divided by colons along 16-bit boundaries, where each
16-bit block is represented as a 4-digit hexadecimal number. This is called colon-hexadecimal.
The IPv6 address, 2008:0AB1:0000:1E2A:0123:0045:EE37:C9B4 can be simplified by
removing the leading zeros within each 16-bit block, as long as each block has at least one
digit. When suppressing leading zeros, the address representation becomes:
2008:AB1:0:1E2A:123:45:EE37:C9B4
SRA Overview | 19
Hide quick links:
Advertisement
Chapters
Table of Contents
