| TLS, Transport Layer Security |
|
|
Description | Glossary | RFCs | Publications | Obsolete RFCs |
| Protocol suite: | TCP/IP. |
| Protocol type: | Application layer protocol. |
| Related protocols: | DTLS, Datagram Transport Layer Security. |
| Ports: | |
| MIME subtype: | |
| SNMP MIBs: | |
| Working groups: | tls, Transport Layer Security. |
| Links: |
IANA: TLS parameters. IANA: TLS extensions. wiki: TLS. OpenSSL. |
The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications. The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. At the lowest level, layered on top of some reliable transport protocol, is the TLS Record Protocol. The TLS Record Protocol provides connection security.
TLS is based on the SSL 3.0 protocol specification published by Netscape.
A single TLS record may be up to 16384 bytes in length.
A TLS message may span multiple TLS records.
A TLS certificate message may in principle be as long as 16MB.
Extension types:
| Type | Description | References |
|---|---|---|
| 0 | server_name | RFC 4366 |
| 1 | Maximum fragment length. | RFC 4366 |
| 2 | client_certificate_url | RFC 4366 |
| 3 | trusted_ca_keys | RFC 4366 |
| 4 | Truncated HMAC. | RFC 4366 |
| 5 | status_request | RFC 4366 |
| 6 | user_mapping | RFC 4681 |
| 7 | ||
| 8 | ||
| 9 | cert_type | RFC 5081 |
| 10 | elliptic_curves | RFC 4492 |
| 11 | ec_point_formats | RFC 4492 |
| 12 | srp | RFC 5054 |
| 13 | signature_algorithms | RFC 5246 |
| 14 | use_srtp | |
| 15 - 34 | ||
| 35 | SessionTicket TLS | RFC 4507 |
TLS Cipher Suites:
| Value | Description | References |
|---|---|---|
| 0x00, 0x00 | TLS_NULL_WITH_NULL_NULL | RFC 5246 |
| 0x00, 0x01 | TLS_RSA_WITH_NULL_MD5 | RFC 5246 |
| 0x00, 0x02 | TLS_RSA_WITH_NULL_SHA | RFC 5246 |
| 0x00, 0x03 | TLS_RSA_EXPORT_WITH_RC4_40_MD5 | RFC 4346 |
| 0xC0, 0x22 | TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA | RFC 5054 |
| 0xC0, 0x23 | TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 | RFC 5289 |
| 0xC0, 0x24 | TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 | RFC 5289 |
| 0xC0, 0x25 | TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256 | RFC 5289 |
| 0xC0, 0x26 | TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384 | RFC 5289 |
| 0xC0, 0x27 | TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 | RFC 5289 |
| 0xC0, 0x28 | TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 | RFC 5289 |
| 0xC0, 0x29 | TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256 | RFC 5289 |
| 0xC0, 0x2A | TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384 | RFC 5289 |
| 0xC0, 0x2B | TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 | RFC 5289 |
| 0xC0, 0x2C | TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 | RFC 5289 |
| 0xC0, 0x2D | TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256 | RFC 5289 |
| 0xC0, 0x2E | TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384 | RFC 5289 |
| 0xC0, 0x2F | TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | RFC 5289 |
| 0xC0, 0x30 | TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 | RFC 5289 |
| 0xC0, 0x31 | TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256 | RFC 5289 |
| 0xC0, 0x32 | TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384 | RFC 5289 |
TLS Handshake Protocol.
TLS Record Protocol.
The TLS Record Protocol is a layered protocol.
At each layer, messages may include fields for length, description, and content.
The Record Protocol takes messages to be transmitted, fragments the data into manageable blocks,
optionally compresses the data, applies a MAC, encrypts, and transmits the result.
Received data is decrypted, verified, decompressed, reassembled, and then delivered to higher-level clients.
RFCs:
[RFC 2595] Using TLS with IMAP, POP3 and ACAP.
[RFC 2712] Addition of Kerberos Cipher Suites to Transport Layer Security (TLS).
[RFC 2716] PPP EAP TLS Authentication Protocol.
[RFC 2817] Upgrading to TLS Within HTTP/1.1.
[RFC 2818] HTTP Over TLS.
[RFC 3207] SMTP Service Extension for Secure SMTP over Transport Layer Security.
[RFC 3436] Transport Layer Security over Stream Control Transmission Protocol.
[RFC 3749] Transport Layer Security Protocol Compression Methods.
[RFC 3943] Transport Layer Security (TLS) Protocol Compression Using Lempel-Ziv-Stac (LZS).
[RFC 4132] Addition of Camellia Cipher Suites to Transport Layer Security (TLS).
[RFC 4162] Addition of SEED Cipher Suites to Transport Layer Security (TLS).
[RFC 4217] Securing FTP with TLS.
[RFC 4261] Common Open Policy Service (COPS) Over Transport Layer Security (TLS).
[RFC 4279] Pre-Shared Key Ciphersuites for Transport Layer Security (TLS).
[RFC 4492] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS).
[RFC 4507] Transport Layer Security (TLS) Session Resumption without Server-Side State.
[RFC 5246] The Transport Layer Security (TLS) Protocol Version 1.2.
[RFC 5289] TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM).
[RFC 2246] The TLS Protocol Version 1.0.
[RFC 2487] SMTP Service Extension for Secure SMTP over TLS.
[RFC 3268] Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS).
[RFC 3546] Transport Layer Security (TLS) Extensions.
[RFC 4346] The Transport Layer Security (TLS) Protocol Version 1.1.
[RFC 4366] Transport Layer Security (TLS) Extensions.
|
|
Description | Glossary | RFCs | Publications | Obsolete RFCs |