TLS, Transport Layer Security


Description:

Protocol suite: TCP/IP.
Protocol type: Application layer protocol.
Related protocols: DTLS, Datagram Transport Layer Security.
Ports:
MIME subtype:
SNMP MIBs:
Working groups: tls, Transport Layer Security.
IANA: TLS parameters.
TLS extensions.
Links: wiki: TLS.
OpenSSL.

RFC 4346:

The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications. The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. At the lowest level, layered on top of some reliable transport protocol, is the TLS Record Protocol. The TLS Record Protocol provides connection security.

TLS is based on the SSL 3.0 protocol specification published by Netscape.

A single TLS record may be up to 16384 bytes in length.

A TLS message may span multiple TLS records.

A TLS certificate message may in principle be as long as 16MB.


Extension types:

Type   Description               References
0      server_name               RFC 4366
1      Maximum fragment length.  RFC 4366
2      client_certificate_url    RFC 4366
3      trusted_ca_keys           RFC 4366
4      Truncated HMAC.           RFC 4366
5      status_request            RFC 4366
6      user_mapping              RFC 4681
7
8
9      cert_type                 RFC 5081
10     elliptic_curves           RFC 4492
11     ec_point_formats          RFC 4492
12     srp                       RFC 5054
13     signature_algorithms      RFC 5246
14     use_srtp
15-34
35     SessionTicket TLS         RFC 4507

TLS Cipher Suites:

Value       Description                              References
0x00, 0x00  TLS_NULL_WITH_NULL_NULL                  RFC 5246
0x00, 0x01  TLS_RSA_WITH_NULL_MD5                    RFC 5246
0x00, 0x02  TLS_RSA_WITH_NULL_SHA                    RFC 5246
0x00, 0x03  TLS_RSA_EXPORT_WITH_RC4_40_MD5           RFC 4346
0x00, 0x04  TLS_RSA_WITH_RC4_128_MD5                 RFC 5246
0x00, 0x05  TLS_RSA_WITH_RC4_128_SHA                 RFC 5246
0x00, 0x06  TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5       RFC 4346
0x00, 0x07  TLS_RSA_WITH_IDEA_CBC_SHA                RFC 5469
0x00, 0x08  TLS_RSA_EXPORT_WITH_DES40_CBC_SHA        RFC 4346
0x00, 0x09  TLS_RSA_WITH_DES_CBC_SHA                 RFC 5469
0x00, 0x0A  TLS_RSA_WITH_3DES_EDE_CBC_SHA            RFC 5246
0x00, 0x0B  TLS_DH_DSS_EXPORT_WITH_DES40_CBC_SHA     RFC 4346
0x00, 0x0C  TLS_DH_DSS_WITH_DES_CBC_SHA              RFC 5469
0x00, 0x0D  TLS_DH_DSS_WITH_3DES_EDE_CBC_SHA         RFC 5246
0x00, 0x0E  TLS_DH_RSA_EXPORT_WITH_DES40_CBC_SHA     RFC 4346
0x00, 0x0F  TLS_DH_RSA_WITH_DES_CBC_SHA              RFC 5469
0x00, 0x10  TLS_DH_RSA_WITH_3DES_EDE_CBC_SHA         RFC 5246
0x00, 0x11  TLS_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA    RFC 4346
0x00, 0x12  TLS_DHE_DSS_WITH_DES_CBC_SHA             RFC 5469
0x00, 0x13  TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA        RFC 5246
0x00, 0x14  TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA    RFC 4346
0x00, 0x15  TLS_DHE_RSA_WITH_DES_CBC_SHA             RFC 5469
0x00, 0x16  TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA        RFC 5246
0x00, 0x17  TLS_DH_anon_EXPORT_WITH_RC4_40_MD5       RFC 4346
0x00, 0x18  TLS_DH_anon_WITH_RC4_128_MD5             RFC 5246
0x00, 0x19  TLS_DH_anon_EXPORT_WITH_DES40_CBC_SHA    RFC 4346
0x00, 0x1A  TLS_DH_anon_WITH_DES_CBC_SHA             RFC 5469
   
0xC0, 0x22  TLS_SRP_SHA_DSS_WITH_AES_256_CBC_SHA     RFC 5054
0xC0, 0x23  TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256  RFC 5289
0xC0, 0x24  TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  RFC 5289
0xC0, 0x25  TLS_ECDH_ECDSA_WITH_AES_128_CBC_SHA256   RFC 5289
0xC0, 0x26  TLS_ECDH_ECDSA_WITH_AES_256_CBC_SHA384   RFC 5289
0xC0, 0x27  TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256    RFC 5289
0xC0, 0x28  TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384    RFC 5289
0xC0, 0x29  TLS_ECDH_RSA_WITH_AES_128_CBC_SHA256     RFC 5289
0xC0, 0x2A  TLS_ECDH_RSA_WITH_AES_256_CBC_SHA384     RFC 5289
0xC0, 0x2B  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256  RFC 5289
0xC0, 0x2C  TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384  RFC 5289
0xC0, 0x2D  TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256   RFC 5289
0xC0, 0x2E  TLS_ECDH_ECDSA_WITH_AES_256_GCM_SHA384   RFC 5289
0xC0, 0x2F  TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    RFC 5289
0xC0, 0x30  TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    RFC 5289
0xC0, 0x31  TLS_ECDH_RSA_WITH_AES_128_GCM_SHA256     RFC 5289
0xC0, 0x32  TLS_ECDH_RSA_WITH_AES_256_GCM_SHA384     RFC 5289
0xC0, 0x33  TLS_ECDHE_PSK_WITH_RC4_128_SHA           RFC 5489
   

TLS Authorization Data Formats:

Type     Description                 References
0        x509_attr_cert              RFC 5878
1        saml_assertion              RFC 5878
2        x509_attr_cert_url          RFC 5878
3        saml_assertion_url          RFC 5878
4-63
64       keynote_assertion_list      RFC 6042
65       keynote_assertion_list_url  RFC 6042
66-223
224-255  Reserved for private use.   RFC 5878

Glossary:

TLS Handshake Protocol.

TLS Record Protocol.
The TLS Record Protocol is a layered protocol. At each layer, messages may include fields for length, description, and content. The Record Protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, reassembled, and then delivered to higher-level clients.
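
Added example (not taken from any RFC or TLS library): a Python sketch of the fragmentation and reassembly described here and of the record and message size limits quoted in the description above. It works on unencrypted records only. The function names and the 64 KB reassembly cap are assumptions chosen for illustration, to show a receiver rejecting an oversized length field before buffering up to the 16 MB the handshake header allows.

```python
import struct

MAX_FRAGMENT = 16384            # 2^14: largest record fragment, as stated above
HANDSHAKE = 22                  # ContentType value for handshake records
MAX_HANDSHAKE_MSG = 64 * 1024   # assumed local policy cap; uint24 allows ~16 MB

def build_handshake(msg_type, body):
    """Handshake header: 1-byte type, 3-byte (uint24) length, then the body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def fragment(content_type, version, payload):
    """Split payload into records: type(1) version(2) length(2) fragment."""
    chunks = [payload[o:o + MAX_FRAGMENT] for o in range(0, len(payload), MAX_FRAGMENT)]
    return [struct.pack("!BHH", content_type, version, len(c)) + c for c in chunks]

def parse_records(stream):
    """Yield (content_type, fragment); reject truncated or oversize records."""
    pos = 0
    while pos < len(stream):
        if len(stream) - pos < 5:
            raise ValueError("truncated record header")
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if length > MAX_FRAGMENT:
            raise ValueError("record fragment of %d bytes exceeds 16384" % length)
        if len(stream) - pos - 5 < length:
            raise ValueError("truncated record body")
        yield ctype, stream[pos + 5:pos + 5 + length]
        pos += 5 + length

def reassemble_handshake(stream, max_msg=MAX_HANDSHAKE_MSG):
    """Return [(msg_type, body)], joining handshake messages across records."""
    buf, messages = b"", []
    for ctype, frag in parse_records(stream):
        buf += frag if ctype == HANDSHAKE else b""   # other content types ignored
        while len(buf) >= 4:
            msg_len = int.from_bytes(buf[1:4], "big")
            if msg_len > max_msg:       # check the claimed size before buffering it
                raise ValueError("handshake message of %d bytes exceeds cap" % msg_len)
            if len(buf) < 4 + msg_len:
                break                   # message continues in the next record
            messages.append((buf[0], buf[4:4 + msg_len]))
            buf = buf[4 + msg_len:]
    if buf:
        raise ValueError("incomplete handshake message at end of stream")
    return messages

if __name__ == "__main__":  # constructed input: 40000-byte Certificate (type 11), TLS 1.1
    recs = fragment(HANDSHAKE, 0x0302, build_handshake(11, b"\x00" * 40000))
    print([len(r) - 5 for r in recs], len(reassemble_handshake(b"".join(recs))))
```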


RFCs:

[RFC 2595] Using TLS with IMAP, POP3 and ACAP.

[RFC 2712] Addition of Kerberos Cipher Suites to Transport Layer Security (TLS).

[RFC 2716] PPP EAP TLS Authentication Protocol.

[RFC 2817] Upgrading to TLS Within HTTP/1.1.

[RFC 2818] HTTP Over TLS.

[RFC 3207] SMTP Service Extension for Secure SMTP over Transport Layer Security.

[RFC 3436] Transport Layer Security over Stream Control Transmission Protocol.

[RFC 3749] Transport Layer Security Protocol Compression Methods.

[RFC 3943] Transport Layer Security (TLS) Protocol Compression Using Lempel-Ziv-Stac (LZS).

[RFC 4132] Addition of Camellia Cipher Suites to Transport Layer Security (TLS).

[RFC 4162] Addition of SEED Cipher Suites to Transport Layer Security (TLS).

[RFC 4217] Securing FTP with TLS.

[RFC 4261] Common Open Policy Service (COPS) Over Transport Layer Security (TLS).

[RFC 4279] Pre-Shared Key Ciphersuites for Transport Layer Security (TLS).

[RFC 4492] Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS).

[RFC 4507] Transport Layer Security (TLS) Session Resumption without Server-Side State.

[RFC 5246] The Transport Layer Security (TLS) Protocol Version 1.2.

[RFC 5289] TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM).

[RFC 5425] Transport Layer Security (TLS) Transport Mapping for Syslog.

[RFC 5430] Suite B Profile for Transport Layer Security (TLS).

[RFC 5469] DES and IDEA Cipher Suites for Transport Layer Security (TLS).

[RFC 6042] Transport Layer Security (TLS) Authorization Using KeyNote.

[RFC 6709] Design Considerations for Protocol Extensions.


Publications:


Obsolete RFCs:

[RFC 2246] The TLS Protocol Version 1.0.

[RFC 2487] SMTP Service Extension for Secure SMTP over TLS.

[RFC 3268] Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS).

[RFC 3546] Transport Layer Security (TLS) Extensions.

[RFC 4346] The Transport Layer Security (TLS) Protocol Version 1.1.

[RFC 4366] Transport Layer Security (TLS) Extensions.

