TheTransportLayerSecurity(TLS)ProtocolVersion1.3.pdf_theserverselectedprotocol

需积分: 17 289 浏览量更新于2023-03-16 评论收藏 475KB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

资源详情

资源评论

资源推荐

Internet Engineering Task Force (IETF) E. Rescorla

Request for Comments: 8446 Mozilla

Obsoletes:

5077, 5246, 6961 August 2018

Updates:

5705, 6066

Category: Standards Track

ISSN: 2070-1721

The Transport Layer Security (TLS) Protocol Version 1.3

Abstract

This document specifies version 1.3 of the Transport Layer Security

(TLS) protocol. TLS allows client/server applications to communicate

over the Internet in a way that is designed to prevent eavesdropping,

tampering, and message forgery.

This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077,

5246, and 6961. This document also specifies new requirements for

TLS 1.2 implementations.

Status of This Memo

This is an Internet Standards Track document.

This document is a product of the Internet Engineering Task Force

(IETF). It represents the consensus of the IETF community. It has

received public review and has been approved for publication by the

Internet Engineering Steering Group (IESG). Further information on

Internet Standards is available in Section 2 of RFC 7841.

Information about the current status of this document, any errata,

and how to provide feedback on it may be obtained at

https://www.rfc-editor.org/info/rfc8446.

Rescorla Standards Track [Page 1]

RFC 8446

TLS August 2018

Table of Contents

1. Introduction ....................................................6

1.1. Conventions and Terminology ................................7

1.2. Major Differences from TLS 1.2 .............................8

1.3. Updates Affecting TLS 1.2 ..................................9

2. Protocol Overview ..............................................10

2.1. Incorrect DHE Share .......................................14

2.2. Resumption and Pre-Shared Key (PSK) .......................15

2.3. 0-RTT Data ................................................17

3. Presentation Language ..........................................19

3.1. Basic Block Size ..........................................19

3.2. Miscellaneous .............................................20

3.3. Numbers ...................................................20

3.4. Vectors ...................................................20

3.5. Enumerateds ...............................................21

3.6. Constructed Types .........................................22

3.7. Constants .................................................23

3.8. Variants ..................................................23

4. Handshake Protocol .............................................24

4.1. Key Exchange Messages .....................................25

4.1.1. Cryptographic Negotiation ..........................26

4.1.2. Client Hello .......................................27

4.1.3. Server Hello .......................................31

4.1.4. Hello Retry Request ................................33

4.2. Extensions ................................................35

4.2.1. Supported Versions .................................39

4.2.2. Cookie .............................................40

4.2.3. Signature Algorithms ...............................41

4.2.4. Certificate Authorities ............................45

4.2.5. OID Filters ........................................45

4.2.6. Post-Handshake Client Authentication ...............47

4.2.7. Supported Groups ...................................47

4.2.8. Key Share ..........................................48

4.2.9. Pre-Shared Key Exchange Modes ......................51

4.2.10. Early Data Indication .............................52

4.2.11. Pre-Shared Key Extension ..........................55

4.3. Server Parameters .........................................59

4.3.1. Encrypted Extensions ...............................60

4.3.2. Certificate Request ................................60

4.4. Authentication Messages ...................................61

4.4.1. The Transcript Hash ................................63

4.4.2. Certificate ........................................64

4.4.3. Certificate Verify .................................69

4.4.4. Finished ...........................................71

4.5. End of Early Data .........................................72

Rescorla Standards Track [Page 3]

RFC 8446

TLS August 2018

4.6. Post-Handshake Messages ...................................73

4.6.1. New Session Ticket Message .........................73

4.6.2. Post-Handshake Authentication ......................75

4.6.3. Key and Initialization Vector Update ...............76

5. Record Protocol ................................................77

5.1. Record Layer ..............................................78

5.2. Record Payload Protection .................................80

5.3. Per-Record Nonce ..........................................82

5.4. Record Padding ............................................83

5.5. Limits on Key Usage .......................................84

6. Alert Protocol .................................................85

6.1. Closure Alerts ............................................87

6.2. Error Alerts ..............................................88

7. Cryptographic Computations .....................................90

7.1. Key Schedule ..............................................91

7.2. Updating Traffic Secrets ..................................94

7.3. Traffic Key Calculation ...................................95

7.4. (EC)DHE Shared Secret Calculation .........................95

7.4.1. Finite Field Diffie-Hellman ........................95

7.4.2. Elliptic Curve Diffie-Hellman ......................96

7.5. Exporters .................................................97

8. 0-RTT and Anti-Replay ..........................................98

8.1. Single-Use Tickets ........................................99

8.2. Client Hello Recording ....................................99

8.3. Freshness Checks .........................................101

9. Compliance Requirements .......................................102

9.1. Mandatory-to-Implement Cipher Suites .....................102

9.2. Mandatory-to-Implement Extensions ........................103

9.3. Protocol Invariants ......................................104

10. Security Considerations ......................................106

11. IANA Considerations ..........................................106

12. References ...................................................109

12.1. Normative References ....................................109

12.2. Informative References ..................................112

Appendix A. State Machine ........................................120

A.1. Client ....................................................120

A.2. Server ....................................................121

Appendix B. Protocol Data Structures and Constant Values .........122

B.1. Record Layer ..............................................122

B.2. Alert Messages ............................................123

B.3. Handshake Protocol ........................................124

B.3.1. Key Exchange Messages .................................125

B.3.2. Server Parameters Messages ............................131

B.3.3. Authentication Messages ...............................132

B.3.4. Ticket Establishment ..................................132

B.3.5. Updating Keys .........................................133

B.4. Cipher Suites .............................................133

Rescorla Standards Track [Page 4]

RFC 8446

TLS August 2018

Appendix C. Implementation Notes .................................134

C.1. Random Number Generation and Seeding ......................134

C.2. Certificates and Authentication ...........................135

C.3. Implementation Pitfalls ...................................135

C.4. Client Tracking Prevention ................................137

C.5. Unauthenticated Operation .................................137

Appendix D. Backward Compatibility ...............................138

D.1. Negotiating with an Older Server ..........................139

D.2. Negotiating with an Older Client ..........................139

D.3. 0-RTT Backward Compatibility ..............................140

D.4. Middlebox Compatibility Mode ..............................140

D.5. Security Restrictions Related to Backward Compatibility ...141

Appendix E. Overview of Security Properties ......................142

E.1. Handshake .................................................142

E.1.1. Key Derivation and HKDF ...............................145

E.1.2. Client Authentication .................................146

E.1.3. 0-RTT .................................................146

E.1.4. Exporter Independence .................................146

E.1.5. Post-Compromise Security ..............................146

E.1.6. External References ...................................147

E.2. Record Layer ..............................................147

E.2.1. External References ...................................148

E.3. Traffic Analysis ..........................................148

E.4. Side-Channel Attacks ......................................149

E.5. Replay Attacks on 0-RTT ...................................150

E.5.1. Replay and Exporters ..................................151

E.6. PSK Identity Exposure .....................................152

E.7. Sharing PSKs ..............................................152

E.8. Attacks on Static RSA .....................................152

Contributors .....................................................153

Author’s Address .................................................160

Rescorla Standards Track [Page 5]

剩余159页未读，继续阅读

beebeeyoung

粉丝: 14
资源: 62

会员权益专享

The Transport Layer Security (TLS) Protocol Version 1.3.pdf

评论0

会员权益专享

最新资源

The Transport Layer Security (TLS) Protocol Version 1.3.pdf

评论0

transport layer security (tls) lab

网站证书拓展值中的OID.1.3.6.1.4.1.11129.2.4.2 表示什么

TLS1.2和TLS1.3握手区别

nginx 升级支持 TLS1.2，TLS1.3

火狐浏览器怎么禁用TLS 1.0

tls1.2 和 tls1.3的区别

jmeter配置tls1.3

kamailio tls

gnutls_handshake() failed: The TLS connection was non-properly terminated

mkcert 支持 tls1.2和tls1.3吗

高层住宅应急照明系统方案.dwg

php_phpMyAdmin v4.4.10.zip.zip

matlab基础编程：11 matlab脚本文件和函数文件.zip

生产产线监控大屏系统去

实验一 复数的四则运算.dev

高层商住楼强弱电设计.dwg

电力集团企业数字化转型+数据治理+数字化平台总体建设方案.docx

会员权益专享

最新资源

实验一复数的四则运算.dev