TLS handshake

The 7705 SAR supports TLS client (PCC) functionality as well as TLS bidirectional authentication, where the PCE requests the client certificate to authenticate the PCC.

In a typical TLS handshake, the client starts the handshake with a ClientHello message. The server provides the server certificate for authentication to the client and sends a list of server-accepted ciphers.

The server can optionally ask the client to provide the client certificate using the server CertificateRequest option. When this option is present, the client provides the server with the client certificate, and if the certificate is authenticated, the TLS symmetric key is negotiated and the TLS session is established. The symmetric key is used to encrypt the TLS datapath.
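As an added example (not taken from the Nokia documentation), the Python below checks whether a server's handshake flight contains a CertificateRequest, which is one way to confirm from a capture that the PCE is actually requesting the PCC certificate. It assumes TLS 1.2 or earlier framing, where this flight is sent in cleartext; the function names and sample bytes are constructed for illustration.

```python
import struct

# Handshake message types from RFC 5246 (TLS 1.2), section 7.4
HANDSHAKE_TYPES = {
    1: "ClientHello", 2: "ServerHello", 11: "Certificate",
    12: "ServerKeyExchange", 13: "CertificateRequest",
    14: "ServerHelloDone", 15: "CertificateVerify",
    16: "ClientKeyExchange", 20: "Finished",
}
RECORD_HANDSHAKE = 22  # record-layer content type for handshake data

def handshake_messages(stream: bytes) -> list[str]:
    """Name the cleartext handshake messages in a TLS record stream."""
    payload, pos = bytearray(), 0
    while pos < len(stream):  # record layer: type(1) version(2) length(2)
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        pos += 5
        if len(stream) - pos < length:
            raise ValueError("truncated record body")
        if ctype == RECORD_HANDSHAKE:
            payload += stream[pos:pos + length]  # messages may span records
        pos += length
    names, pos = [], 0
    while pos < len(payload):  # handshake layer: type(1) length(3) body
        if len(payload) - pos < 4:
            raise ValueError("truncated handshake header")
        mlen = int.from_bytes(payload[pos + 1:pos + 4], "big")
        if len(payload) - pos - 4 < mlen:
            raise ValueError("truncated handshake body")
        names.append(HANDSHAKE_TYPES.get(payload[pos], f"unknown({payload[pos]})"))
        pos += 4 + mlen
    return names

def requests_client_cert(server_flight: bytes) -> bool:
    """True when the server's flight includes a CertificateRequest."""
    return "CertificateRequest" in handshake_messages(server_flight)

def hs_msg(mtype: int, body: bytes) -> bytes:  # hypothetical sample builder
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def tls_record(payload: bytes) -> bytes:  # hypothetical sample builder
    return struct.pack("!BHH", RECORD_HANDSHAKE, 0x0303, len(payload)) + payload

# Constructed sample flights with placeholder bodies (not a real capture)
MUTUAL = tls_record(hs_msg(2, b"\0" * 38) + hs_msg(11, b"\0" * 10)) + tls_record(
    hs_msg(13, b"\0" * 8) + hs_msg(14, b""))
SERVER_ONLY = tls_record(hs_msg(2, b"\0" * 38) + hs_msg(11, b"\0" * 10) + hs_msg(14, b""))
```

If `requests_client_cert` returns false for the server's flight, the session is authenticating the server only and the client certificate is never checked.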

See the 7705 SAR System Management Guide for more information about the TLS handshake steps.