SRA Overview | 19SSL Handshake ProcedureThe following procedure is an example of the standard steps required to establish an SSLsession between a user and an SRA gateway using the SRA Web-based managementinterface:Step 1 When a user attempts to connect to the SRA appliance, the user’s Web browser sendsinformation about the types of encryption supported by the browser to the appliance.Step 2 The appliance sends the user its own encryption information, including an SSL certificate witha public encryption key.Step 3 The Web browser validates the SSL certificate with the Certificate Authority identified by theSSL certificate.Step 4 The Web browser generates a pre-master encryption key, encrypts the pre-master key usingthe public key included with the SSL certificate and sends the encrypted pre-master key to theSRA gateway.Step 5 The SRA gateway uses the pre-master key to create a master key and sends the new masterkey to the user’s Web browser.Step 6 The browser and the SRA gateway use the master key and the agreed upon encryptionalgorithm to establish an SSL connection. From this point on, the user and the SRA gatewaywill encrypt and decrypt data using the same encryption key. This is called symmetricencryption.Step 7 Once the SSL connection is established, the SRA gateway will encrypt and send the Webbrowser the SRA gateway login page.Step 8 The user submits his user name, password, and domain name.Step 9 If the user’s domain name requires authentication through a RADIUS, LDAP, NT Domain, orActive Directory Server, the SRA gateway forwards the user’s information to the appropriateserver for authentication.Step 10 Once authenticated, the user can access the SRA portal.IPv6 Support OverviewInternet Protocol version 6 (IPv6) is a replacement for IPv4 that is becoming more frequentlyused on networked devices. IPv6 is a suite of protocols and standards developed by theInternet Engineering Task Force (IETF) that provides a larger address space than IPv4,additional functionality and security, and resolves IPv4 design issues. You can use IPv6without affecting IPv4 communications.IPv6 supports stateful address configuration, which is used with a DHCPv6 server, andstateless address configuration, where hosts on a link automatically configure themselves withIPv6 addresses for the link, called link-local addresses.In IPv6, source and destination addresses are 128 bits (16 bytes) in length. For reference, the32-bit IPv4 address is represented in dotted-decimal format, divided by periods along 8-bitboundaries. The 128-bit IPv6 address is divided by colons along 16-bit boundaries, where each16-bit block is represented as a 4-digit hexadecimal number. This is called colon-hexadecimal.The IPv6 address, 2008:0AB1:0000:1E2A:0123:0045:EE37:C9B4 can be simplified byremoving the leading zeros within each 16-bit block, as long as each block has at least onedigit. When suppressing leading zeros, the address representation becomes:2008:AB1:0:1E2A:123:45:EE37:C9B4