rfc4346.The Transport Layer Security (TLS) Protoco

NetworkWorkingGroupT.DierksRequestforComments:4346IndependentObsoletes:2246E.RescorlaCategory:StandardsTrackRTFM,Inc.April2006TheTransportLayerSecurity(TLS)ProtocolVersion1.1StatusofThisMemoThisdocumentspecifiesanInternetstandardstrackprotocolfortheInternetcommunity,andrequestsdiscussionandsuggestionsforimprovements.PleaserefertothecurrenteditionoftheInternetOfficialProtocolStandards(STD1)forthestandardizationstateandstatusofthisprotocol.Distributionofthismemoisunlimited.CopyrightNoticeCopyright(C)TheInternetSociety(2006).AbstractThisdocumentspecifiesVersion1.1oftheTransportLayerSecurity(TLS)protocol.TheTLSprotocolprovidescommunicationssecurityovertheInternet.Theprotocolallowsclient/serverapplicationstocommunicateinawaythatisdesignedtopreventeavesdropping,tampering,ormessageforgery.Dierks&RescorlaStandardsTrack[Page1]RFC4346TheTLSProtocolApril2006TableofContents1.Introduction....................................................41.1.DifferencesfromTLS1.0...................................51.2.RequirementsTerminology...................................52.Goals...........................................................53.GoalsofThisDocument..........................................64.PresentationLanguage...........................................64.1.BasicBlockSize...........................................74.2.Miscellaneous..............................................74.3.Vectors....................................................74.4.Numbers....................................................84.5.Enumerateds................................................84.6.ConstructedTypes..........................................94.6.1.Variants...........................................104.7.CryptographicAttributes..................................114.8.Constants.................................................125.HMACandthePseudorandomFunction.............................126.TheTLSRecordProtocol........................................146.1.ConnectionStates.........................................156.2.Recordlayer..............................................176.2.1.Fragmentation......................................176.2.2.RecordCompressionandDecompression...............196.2.3.RecordPayloadProtection..........................196.2.3.1.NullorStandardStreamCipher............206.2.3.2.CBCBlockCipher..........................216.3.KeyCalculation...........................................247.TheTLSHandshakingProtocols..................................247.1.ChangeCipherSpecProtocol...............................257.2.AlertProtocol............................................267.2.1.ClosureAlerts.....................................277.2.2.ErrorAlerts.......................................287.3.HandshakeProtocolOverview...............................317.4.HandshakeProtocol........................................347.4.1.HelloMessages.....................................357.4.1.1.Hellorequest.............................357.4.1.2.ClientHello..............................367.4.1.3.ServerHello..............................397.4.2.ServerCertificate.................................407.4.3.ServerKeyExchangeMessage........................427.4.4.Certificaterequest................................447.4.5.ServerHelloDone..................................467.4.6.Clientcertificate.................................467.4.7.ClientKeyExchangeMessage........................477.4.7.1.RSAEncryptedPremasterSecretMessage....477.4.7.2.ClientDiffie-HellmanPublicValue........507.4.8.Certificateverify.................................507.4.9.Finished...........................................51Dierks&RescorlaStandardsTrack[Page2]RFC4346TheTLSProtocolApril20068.CryptographicComputations.....................................528.1.ComputingtheMasterSecret...............................528.1.1.RSA................................................538.1.2.Diffie-Hellman.....................................539.MandatoryCipherSuites........................................5310.ApplicationDataProtocol.....................................5311.SecurityConsiderations.......................................5312.IANAConsiderations...........................................54A.Appendix-Protocolconstantvalues............................55A.1.Recordlayer.........................................55A.2.Changecipherspecsmessage..........................56A.3.Alertmessages.......................................56A.4.Handshakeprotocol...................................57A.4.1.Hellomessages.....................................57A.4.2.Serverauthenticationandkeyexchangemessages....58A.4.3.Clientauthenticationandkeyexchangemessages....59A.4.4.Handshakefinalizationmessage......................60A.5.TheCipherSuite......................................60A.6.TheSecurityParameters..............................63B.Appendix-Glossary............................................64C.Appendix-CipherSuitedefinitions.............................68D.Appendix-ImplementationNotes........................