TLS
...
The primary goal of the TLS Protocol is to provide privacy and data
integrity between two communicating applications. The protocol is
...
... privacy and data
integrity between two communicating applications. The protocol is
composed of two layers: the TLS Record Protocol and the TLS Handshake
Protocol. At the lowest level, layered on top of some reliable
...
... data
integrity between two communicating applications. The protocol is
composed of two layers: the TLS Record Protocol and the TLS Handshake
Protocol. At the lowest level, layered on top of some reliable
transport protocol ...
... transport protocol (e.g., TCP[TCP]), is the TLS Record Protocol. The
TLS Record Protocol provides connection security ...
... TCP]), is the TLS Record Protocol. The
TLS Record Protocol provides connection security that has two basic
properties:
...
... connection and are based on a secret negotiated by another
protocol (such as the TLS Handshake Protocol). The Record
Protocol can also be used without encryption ...
...
The TLS Record Protocol is used for encapsulation of various higher
level protocols. One such encapsulated ...
... encapsulation of various higher
level protocols. One such encapsulated protocol, the TLS Handshake
Protocol, allows the server and client to authenticate ...
... the application protocol transmits or receives its first byte of
data. The TLS Handshake Protocol provides connection security that
...
...
One advantage of TLS is that it is application protocol independent.
Higher level protocols can layer ...
... application protocol independent.
Higher level protocols can layer on top of the TLS Protocol
transparently. The TLS standard, however, does not specify how
...
... layer on top of the TLS Protocol
transparently. The TLS standard, however, does not specify how
protocols add security with TLS ...
... TLS standard, however, does not specify how
protocols add security with TLS; the decisions on how to initiate TLS
handshaking and how to interpret the authentication certificates ...
... protocols add security with TLS; the decisions on how to initiate TLS
handshaking and how to interpret the authentication certificates
...
... exchanged are left up to the judgment of the designers and
implementors of protocols which run on top of TLS.
...
...
The goals of TLS Protocol, in order of their priority, are:
...
... Cryptographic security: TLS should be used to establish a secure
connection between two parties.
...
... Interoperability: Independent programmers should be able to
develop applications utilizing TLS that will then be able to
successfully exchange cryptographic parameters without knowledge
...
... CPU intensive, particularly public key operations. For this
reason, the TLS protocol has incorporated an optional session
caching scheme to reduce the number of connections ...
... between this protocol and SSL 3.0 are not dramatic, but they are
significant enough that TLS 1.0 and SSL 3.0 do not interoperate
(although TLS 1.0 ...
... TLS 1.0 and SSL 3.0 do not interoperate
(although TLS 1.0 does incorporate a mechanism by which a TLS
implementation can back down to SSL 3.0). This document is intended
...
... SSL 3.0 do not interoperate
(although TLS 1.0 does incorporate a mechanism by which a TLS
implementation can back down to SSL 3.0). This document is intended
primarily for readers who will be implementing the protocol and those
...
... syntax and intent, it would be risky to draw too many parallels. The
purpose of this presentation language is to document TLS only, not to
have general application beyond that particular goal.
...
... HMAC can be used with a variety of different hash algorithms. TLS
uses it in the handshake with two different algorithms ...
... The TLS Record Protocol ...
...
The TLS Record Protocol is a layered protocol. At each layer,
messages may include fields for length, description, and content.
...
... change cipher spec
protocol, and the application data protocol. In order to allow
extension of the TLS protocol, additional record types can be
supported by the record protocol. Any new record types should
allocate type values ...
... allocate type values immediately beyond the ContentType values for
the four record types described here (see Appendix A.2). If a TLS
implementation receives a record type it does not understand, it
should just ignore it. Any protocol designed for use over TLS ...
... TLS
implementation receives a record type it does not understand, it
should just ignore it. Any protocol designed for use over TLS must be
carefully designed to deal with all possible attacks against it.
...
...
A TLS connection state is the operating environment of the TLS Record
Protocol. It specifies a compression algorithm ...
... A TLS connection state is the operating environment of the TLS Record
Protocol. It specifies a compression algorithm, encryption algorithm,
...
... and write states, and the pending read and write states. All records
are processed under the current read and write states. The security
parameters for the pending states can be set by the TLS Handshake
Protocol, and the Handshake Protocol can selectively make either of
...
...
The security parameters for a TLS Connection read and write state are
set by providing the following values:
...
... connection. In addition, for block
ciphers running in CBC mode (the only mode specified for TLS),
this will initially contain the IV for that connection ...
...
The TLS Record Layer receives uninterpreted data from higher layers
in non-empty blocks of arbitrary size.
...
... The version of the protocol being employed. This document
describes TLS Version 1.0, which uses the version { 3, 1 }. The
...
... version { 3, 1 }. The
version value 3.1 is historical: TLS version 1.0 is a minor
modification to the SSL ...
... cipher
state from the end of one record is simply used on the subsequent
packet. If the CipherSuite is TLS_NULL_WITH_NULL_NULL, encryption
consists of the identity ...
... The TLS Handshake Protocol ...
...
The TLS Handshake Protocol consists of a suite of three sub-protocols
which are used to allow peers to agree upon security parameters ...
... can be instantiated using the same session through the resumption
feature of the TLS Handshake Protocol.
...
...
One of the content types supported by the TLS Record layer is the
alert type. Alert messages ...
...
If the application protocol using TLS provides that any data may be
carried over the underlying transport after the TLS connection ...
... TLS provides that any data may be
carried over the underlying transport after the TLS connection is
closed, the TLS implementation must receive the responding
...
... transport after the TLS connection is
closed, the TLS implementation must receive the responding
close_notify alert before indicating to the application layer ...
... alert before indicating to the application layer that
the TLS connection has ended. If the application protocol will not
transfer any additional data, but will only close the underlying
...
... this standard should be taken to dictate the manner in which a usage
profile for TLS manages its data transport, including when
connections ...
...
Error handling in the TLS Handshake protocol is very simple. When an
error is detected, the detecting party sends a message to the other
...
... session state are produced by the
TLS Handshake Protocol, which operates on top of the TLS Record
Layer. When a TLS client and server ...
... TLS Handshake Protocol, which operates on top of the TLS Record
Layer. When a TLS client and server first start communicating, they
...
... TLS Handshake Protocol, which operates on top of the TLS Record
Layer. When a TLS client and server first start communicating, they
agree on a protocol version ...
...
The TLS Handshake Protocol involves the following steps:
...
...
Note that higher layers should not be overly reliant on TLS always
negotiating the strongest possible connection between two peers:
...
... security
requirements are and never transmit information over a channel less
secure than what they require. The TLS protocol is secure, in that
any cipher suite offers its promised level of security ...
...
Note: To help avoid pipeline stalls, ChangeCipherSpec is an
independent TLS Protocol content type, and is not actually a TLS
handshake message.
...
... Session ID match is not found, the
server generates a new session ID and the TLS client and server
perform a full handshake.
...
... Handshake Protocol is one of the defined higher level clients
of the TLS Record Protocol. This protocol is used to negotiate the
secure attributes of a session. Handshake ...
... session. Handshake messages are supplied to
the TLS Record Layer, where they are encapsulated within one or more
TLSPlaintext structures, which are processed and transmitted as
...
... sender's internal clock. Clocks are not required to be set
correctly by the basic TLS Protocol; higher level or application
protocols may define additional requirements.
...
... version
The version of the TLS protocol by which the client wishes to
communicate during this session ...
... As CipherSuites which specify new key exchange methods are specified
for the TLS Protocol, they will imply certificate format and the
required encoded keying information.
...
... (with the result being the premaster secret.)
As additional CipherSuites are defined for TLS which include new key
exchange algorithms, the server key exchange message will be sent if
...
... attack takes advantage of the fact that by failing in different
ways, a TLS server can be coerced into revealing whether a
particular message, when decrypted, is properly PKCS#1 formatted
or not.
...
...
In order to begin connection protection, the TLS Record Protocol
requires specification of a suite of algorithms, a master secret, and
...
... In the absence of an application profile standard specifying
otherwise, a TLS compliant application MUST implement the cipher
suite TLS_DHE_DSS ...
... otherwise, a TLS compliant application MUST implement the cipher
suite TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA ...
... Version
1.0.
TLS_NULL_WITH_NULL_NULL is specified and is the initial state of a
TLS connection ...
... TLS_NULL_WITH_NULL_NULL is specified and is the initial state of a
TLS connection during the first handshake on that channel, but must
...
... cipher suites can be registered by publishing an RFC
which specifies the cipher suites, including the necessary TLS
protocol information, including message encoding, premaster
secret derivation, symmetric encryption ...
...
These security parameters are determined by the TLS Handshake
Protocol and provided as parameters to the TLS Record Layer in order
...
... security parameters are determined by the TLS Handshake
Protocol and provided as parameters to the TLS Record Layer in order
to initialize a connection state ...
...
The application entity that initiates a TLS connection to a
server. This may or may not imply that the client initiated the
...
... OSI layering model
definition) that provides a suitable type of service. For TLS,
such connections are peer to peer ...
... encryptions are used for each block of data; this uses 168 bits
of key (24 bytes in the TLS key generation method) and provides
...
... Transport Layer Security (TLS) ...
...
The TLS protocol cannot prevent many common security mistakes. This
section provides several recommendations to assist implementors ...
...
TLS requires a cryptographically-secure pseudorandom number generator
(PRNG). Care must be taken in designing and seeding PRNGs. PRNGs
based on secure hash ...
... port numbers, application protocols which are secured by
TLS 1.0, SSL 3.0, and SSL 2.0 all frequently share the same
...
... version 1.0 and SSL 3.0 are very similar; thus, supporting both
is easy. TLS clients who wish to negotiate with SSL 3.0 servers
...
... client hello structure, sending {3, 1} for the version field to note
that they support TLS 1.0. If the server supports only SSL 3.0, it
will respond with an SSL ...
... server hello; if it supports TLS, with a
TLS server hello. The negotiation then proceeds as appropriate for
...
... Version 2.0 client hello messages [SSL2]. TLS servers should accept
either client hello format if they wish to support SSL ...
... RC4_128_WITH_MD5 = { 0x01,0x00,0x80 };
V2CipherSpec TLS_RC4_128_EXPORT40_WITH_MD5 = { 0x02,0x00,0x80 };
...
... Version
2.0 servers. Clients sending any of the above V2CipherSpecs should
also include the TLS equivalent (see Appendix A.5):
...
...
V2CipherSpec (see TLS name) = { 0x00, CipherSuite };
...
... The client challenge to the server for the server to identify
itself is a (nearly) arbitrary length random. The TLS server will
right justify the challenge data to become the ClientHello.random
data (padded with leading zeroes, if necessary), as specified in
...
... 16 bytes of challenge data.
Note: Requests to resume a TLS session should use a TLS client hello.
...
... Version 2.0 compatibility mode, they
should use special PKCS #1 block formatting. This is done so that TLS
servers will reject Version 2.0 sessions ...
... ENCRYPTED-KEY-DATA field, servers that support TLS should issue an
error if these eight padding bytes are 0x03. Version 2.0 servers
...
... otherwise tamper with messages sent over the communication channel.
This appendix outlines how TLS has been designed to resist a variety
of attacks.
...
... Version 2.0,
attackers may try to make TLS-capable clients and servers fall back
to Version 2 ...
... to Version 2.0. This attack can occur if (and only if) two TLS-
capable parties use an SSL 2.0 handshake ...
... contents, and two fixed character strings. The message type field is
necessary to ensure that messages intended for one TLS Record Layer
client are not redirected to another. The sequence number ...
...
For TLS to be able to provide a secure connection, both the client
and server systems, keys, and applications must be secure. In
...
... SSL
Patent Claims or the IETF TLS specification provided that you
do not to assert any patent rights against Netscape or other
companies ...
... methods or build
products according to the IETF TLS specification; or
2) patent claims which require the elements ...
