TheTransportLayerSecurity(TLS)ProtocolVersion1.3.pdf_tls10isnotacceptedby

8446

需积分: 17 90 浏览量更新于2023-03-16 评论收藏 475KB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源详情

资源评论

资源推荐

Internet Engineering Task Force (IETF) E. Rescorla

Request for Comments: 8446 Mozilla

Obsoletes:

5077, 5246, 6961 August 2018

Updates:

5705, 6066

Category: Standards Track

ISSN: 2070-1721

The Transport Layer Security (TLS) Protocol Version 1.3

Abstract

This document specifies version 1.3 of the Transport Layer Security

(TLS) protocol. TLS allows client/server applications to communicate

over the Internet in a way that is designed to prevent eavesdropping,

tampering, and message forgery.

This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077,

5246, and 6961. This document also specifies new requirements for

TLS 1.2 implementations.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force

(IETF). It represents the consensus of the IETF community. It has

received public review and has been approved for publication by the

Internet Engineering Steering Group (IESG). Further information on

Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata,

and how to provide feedback on it may be obtained at

https://www.rfc-editor.org/info/rfc8446.

Rescorla Standards Track [Page 1]

RFC 8446

TLS August 2018

Table of Contents

1. Introduction ....................................................6

1.1. Conventions and Terminology ................................7

1.2. Major Differences from TLS 1.2 .............................8

1.3. Updates Affecting TLS 1.2 ..................................9

2. Protocol Overview ..............................................10

2.1. Incorrect DHE Share .......................................14

2.2. Resumption and Pre-Shared Key (PSK) .......................15

2.3. 0-RTT Data ................................................17

3. Presentation Language ..........................................19

3.1. Basic Block Size ..........................................19

3.2. Miscellaneous .............................................20

3.3. Numbers ...................................................20

3.4. Vectors ...................................................20

3.5. Enumerateds ...............................................21

3.6. Constructed Types .........................................22

3.7. Constants .................................................23

3.8. Variants ..................................................23

4. Handshake Protocol .............................................24

4.1. Key Exchange Messages .....................................25

4.1.1. Cryptographic Negotiation ..........................26

4.1.2. Client Hello .......................................27

4.1.3. Server Hello .......................................31

4.1.4. Hello Retry Request ................................33

4.2. Extensions ................................................35

4.2.1. Supported Versions .................................39

4.2.2. Cookie .............................................40

4.2.3. Signature Algorithms ...............................41

4.2.4. Certificate Authorities ............................45

4.2.5. OID Filters ........................................45

4.2.6. Post-Handshake Client Authentication ...............47

4.2.7. Supported Groups ...................................47

4.2.8. Key Share ..........................................48

4.2.9. Pre-Shared Key Exchange Modes ......................51

4.2.10. Early Data Indication .............................52

4.2.11. Pre-Shared Key Extension ..........................55

4.3. Server Parameters .........................................59

4.3.1. Encrypted Extensions ...............................60

4.3.2. Certificate Request ................................60

4.4. Authentication Messages ...................................61

4.4.1. The Transcript Hash ................................63

4.4.2. Certificate ........................................64

4.4.3. Certificate Verify .................................69

4.4.4. Finished ...........................................71

4.5. End of Early Data .........................................72

Rescorla Standards Track [Page 3]

RFC 8446

TLS August 2018

4.6. Post-Handshake Messages ...................................73

4.6.1. New Session Ticket Message .........................73

4.6.2. Post-Handshake Authentication ......................75

4.6.3. Key and Initialization Vector Update ...............76

5. Record Protocol ................................................77

5.1. Record Layer ..............................................78

5.2. Record Payload Protection .................................80

5.3. Per-Record Nonce ..........................................82

5.4. Record Padding ............................................83

5.5. Limits on Key Usage .......................................84

6. Alert Protocol .................................................85

6.1. Closure Alerts ............................................87

6.2. Error Alerts ..............................................88

7. Cryptographic Computations .....................................90

7.1. Key Schedule ..............................................91

7.2. Updating Traffic Secrets ..................................94

7.3. Traffic Key Calculation ...................................95

7.4. (EC)DHE Shared Secret Calculation .........................95

7.4.1. Finite Field Diffie-Hellman ........................95

7.4.2. Elliptic Curve Diffie-Hellman ......................96

7.5. Exporters .................................................97

8. 0-RTT and Anti-Replay ..........................................98

8.1. Single-Use Tickets ........................................99

8.2. Client Hello Recording ....................................99

8.3. Freshness Checks .........................................101

9. Compliance Requirements .......................................102

9.1. Mandatory-to-Implement Cipher Suites .....................102

9.2. Mandatory-to-Implement Extensions ........................103

9.3. Protocol Invariants ......................................104

10. Security Considerations ......................................106

11. IANA Considerations ..........................................106

12. References ...................................................109

12.1. Normative References ....................................109

12.2. Informative References ..................................112

Appendix A. State Machine ........................................120

A.1. Client ....................................................120

A.2. Server ....................................................121

Appendix B. Protocol Data Structures and Constant Values .........122

B.1. Record Layer ..............................................122

B.2. Alert Messages ............................................123

B.3. Handshake Protocol ........................................124

B.3.1. Key Exchange Messages .................................125

B.3.2. Server Parameters Messages ............................131

B.3.3. Authentication Messages ...............................132

B.3.4. Ticket Establishment ..................................132

B.3.5. Updating Keys .........................................133

B.4. Cipher Suites .............................................133

Rescorla Standards Track [Page 4]

RFC 8446

TLS August 2018

Appendix C. Implementation Notes .................................134

C.1. Random Number Generation and Seeding ......................134

C.2. Certificates and Authentication ...........................135

C.3. Implementation Pitfalls ...................................135

C.4. Client Tracking Prevention ................................137

C.5. Unauthenticated Operation .................................137

Appendix D. Backward Compatibility ...............................138

D.1. Negotiating with an Older Server ..........................139

D.2. Negotiating with an Older Client ..........................139

D.3. 0-RTT Backward Compatibility ..............................140

D.4. Middlebox Compatibility Mode ..............................140

D.5. Security Restrictions Related to Backward Compatibility ...141

Appendix E. Overview of Security Properties ......................142

E.1. Handshake .................................................142

E.1.1. Key Derivation and HKDF ...............................145

E.1.2. Client Authentication .................................146

E.1.3. 0-RTT .................................................146

E.1.4. Exporter Independence .................................146

E.1.5. Post-Compromise Security ..............................146

E.1.6. External References ...................................147

E.2. Record Layer ..............................................147

E.2.1. External References ...................................148

E.3. Traffic Analysis ..........................................148

E.4. Side-Channel Attacks ......................................149

E.5. Replay Attacks on 0-RTT ...................................150

E.5.1. Replay and Exporters ..................................151

E.6. PSK Identity Exposure .....................................152

E.7. Sharing PSKs ..............................................152

E.8. Attacks on Static RSA .....................................152

Contributors .....................................................153

Author’s Address .................................................160

Rescorla Standards Track [Page 5]

剩余159页未读，继续阅读

beebeeyoung

粉丝: 15
资源: 62

会员权益专享

The Transport Layer Security (TLS) Protocol Version 1.3.pdf

评论0

会员权益专享

最新资源

The Transport Layer Security (TLS) Protocol Version 1.3.pdf

评论0

The Transport Layer Security (TLS) Protocol 1.2

RFC-4764（中文版）.pdf

The Transport Layer Security (TLS) Protocol Version 1.3rfc8446.txt.zip

The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]"

transport layer security (tls) lab

网站证书拓展值中的OID.1.3.6.1.4.1.11129.2.4.2 表示什么

TLS1.2和TLS1.3握手区别

security.tls怎么关闭完全握手检查

This combination of host and port requires TLS.

javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

"The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]解决办法

nginx 升级支持 TLS1.2，TLS1.3

火狐浏览器怎么禁用TLS 1.0

ssl证书和tls有什么区别

GnuTLS recv error (-110): The TLS connection was non-properly terminat

java "The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

The server selected protocol version TLS11 GET

会员权益专享

最新资源