互联网标准协议：TLS 1.2 协议详解

Transport

Layer

需积分: 32 11 浏览量更新于2024-07-16 收藏 285KB PDF 举报

身份认证购VIP最低享 7 折!

领优惠券(最高得80元）

"The Transport Layer Security (TLS) Protocol Version 1.2.pdf 是一份由 T.Dierks 和 E.Rescorla 编写的互联网标准草案，它详细规定了互联网社区使用的传输层安全（TLS）协议的第1.2版本。这份文档取代了3268、4346和4366号文档，并更新了4492号文档。TLS协议的主要目的是在网络上传输数据时提供安全性，防止窃听、篡改和消息伪造。" 正文： TLS（Transport Layer Security）协议是互联网上广泛使用的一种安全协议，其主要任务是为两个通信应用程序提供端到端的数据加密，确保数据在传输过程中的隐私和完整性。TLS 1.2是该协议的一个重要版本，它在TLS 1.1的基础上进行了改进，提升了安全性。 1. 引言在1.1章节中，文档明确了对术语的要求，同时概述了与TLS 1.1的主要区别。这些区别可能包括算法的更新、安全性的增强以及协议流程的优化，以应对不断发展的网络威胁。 2. 目标 TLS协议的目标是保护网络通信的安全，防止未经授权的访问和攻击。这包括通过加密技术防止数据被窃听，使用完整性检查避免数据在传输过程中被修改，以及通过身份验证确保通信双方的身份真实可信。 3. 文档目标文档的编写旨在为互联网社区提供一个标准化的、经过充分讨论和建议改进的TLS 1.2协议规范，以供参考和实施。 4. 表示语言 4.1 基本块大小：协议可能定义了不同的基本块大小，用于加密算法，如AES等，以确保数据的高效处理。 4.2 杂项：这部分可能包含了协议中的其他技术细节，如随机数生成、证书结构和握手协议的细节。 4.3 向量：在TLS中，向量通常用于初始化向量（IV），它在加密过程中起着重要作用，确保每个消息块的独立加密。 4.4 等待进一步展开的部分：文档的其余部分可能涵盖了握手协议、记录层、密钥交换、认证、密码套件选择、错误处理、以及其他实现细节和安全考虑。 TLS 1.2在实现中通常会结合各种加密算法和哈希函数，例如RSA用于非对称加密和密钥交换，AES用于对称加密，而SHA-256或更安全的哈希函数用于消息验证码（MAC）和证书签名。此外，TLS 1.2引入了前向安全性（Forward Secrecy），即使私钥泄露，之前已加密的通信内容仍然保持安全。 TLS 1.2是互联网安全的重要组成部分，它确保了用户数据的隐私和安全，为诸如HTTPS等安全协议提供了基础。随着技术的发展，TLS也持续演进，例如后续的TLS 1.3版进一步提高了性能和安全性。

资源详情

资源推荐

RFC 5246

TLS August 2008

Implementations MUST NOT send record types not defined in this

document unless negotiated by some extension. If a TLS

implementation receives an unexpected record type, it MUST send an

unexpected_message alert.

Any protocol designed for use over TLS must be carefully designed to

deal with all possible attacks against it. As a practical matter,

this means that the protocol designer must be aware of what security

properties TLS does and does not provide and cannot safely rely on

the latter.

Note in particular that type and length of a record are not protected

by encryption. If this information is itself sensitive, application

designers may wish to take steps (padding, cover traffic) to minimize

information leakage.

6.1. Connection States

A TLS connection state is the operating environment of the TLS Record

Protocol. It specifies a compression algorithm, an encryption

algorithm, and a MAC algorithm. In addition, the parameters for

these algorithms are known: the MAC key and the bulk encryption keys

for the connection in both the read and the write directions.

Logically, there are always four connection states outstanding: the

current read and write states, and the pending read and write states.

All records are processed under the current read and write states.

The security parameters for the pending states can be set by the TLS

Handshake Protocol, and the ChangeCipherSpec can selectively make

either of the pending states current, in which case the appropriate

current state is disposed of and replaced with the pending state; the

pending state is then reinitialized to an empty state. It is illegal

to make a state that has not been initialized with security

parameters a current state. The initial current state always

specifies that no encryption, compression, or MAC will be used.

The security parameters for a TLS Connection read and write state are

set by providing the following values:

connection end

Whether this entity is considered the "client" or the "server" in

this connection.

PRF algorithm

An algorithm used to generate keys from the master secret (see

Sections

5 and 6.3).

Dierks & Rescorla Standards Track [Page 16]

RFC 5246

TLS August 2008

struct {

ConnectionEnd entity;

PRFAlgorithm prf_algorithm;

BulkCipherAlgorithm bulk_cipher_algorithm;

CipherType cipher_type;

uint8 enc_key_length;

uint8 block_length;

uint8 fixed_iv_length;

uint8 record_iv_length;

MACAlgorithm mac_algorithm;

uint8 mac_length;

uint8 mac_key_length;

CompressionMethod compression_algorithm;

opaque master_secret[48];

opaque client_random[32];

opaque server_random[32];

} SecurityParameters;

The record layer will use the security parameters to generate the

following six items (some of which are not required by all ciphers,

and are thus empty):

client write MAC key

server write MAC key

client write encryption key

server write encryption key

client write IV

server write IV

The client write parameters are used by the server when receiving and

processing records and vice versa. The algorithm used for generating

these items from the security parameters is described in

Section 6.3.

Once the security parameters have been set and the keys have been

generated, the connection states can be instantiated by making them

the current states. These current states MUST be updated for each

record processed. Each connection state includes the following

elements:

compression state

The current state of the compression algorithm.

cipher state

The current state of the encryption algorithm. This will consist

of the scheduled key for that connection. For stream ciphers,

this will also contain whatever state information is necessary to

allow the stream to continue to encrypt or decrypt data.

Dierks & Rescorla Standards Track [Page 18]

RFC 5246

TLS August 2008

version

The version of the protocol being employed. This document

describes TLS Version 1.2, which uses the version { 3, 3 }. The

version value 3.3 is historical, deriving from the use of {3, 1}

for TLS 1.0. (See

Appendix A.1.) Note that a client that

supports multiple versions of TLS may not know what version will

be employed before it receives the ServerHello. See

Appendix E

for discussion about what record layer version number should be

employed for ClientHello.

length

The length (in bytes) of the following TLSPlaintext.fragment. The

length MUST NOT exceed 2^14.

fragment

The application data. This data is transparent and treated as an

independent block to be dealt with by the higher-level protocol

specified by the type field.

Implementations MUST NOT send zero-length fragments of Handshake,

Alert, or ChangeCipherSpec content types. Zero-length fragments of

Application data MAY be sent as they are potentially useful as a

traffic analysis countermeasure.

Note: Data of different TLS record layer content types MAY be

interleaved. Application data is generally of lower precedence for

transmission than other content types. However, records MUST be

delivered to the network in the same order as they are protected by

the record layer. Recipients MUST receive and process interleaved

application layer traffic during handshakes subsequent to the first

one on a connection.

6.2.2. Record Compression and Decompression

All records are compressed using the compression algorithm defined in

the current session state. There is always an active compression

algorithm; however, initially it is defined as

CompressionMethod.null. The compression algorithm translates a

TLSPlaintext structure into a TLSCompressed structure. Compression

functions are initialized with default state information whenever a

connection state is made active. [

RFC3749] describes compression

algorithms for TLS.

Compression must be lossless and may not increase the content length

by more than 1024 bytes. If the decompression function encounters a

TLSCompressed.fragment that would decompress to a length in excess of

2^14 bytes, it MUST report a fatal decompression failure error.

Dierks & Rescorla Standards Track [Page 20]

剩余103页未读，继续阅读

fafa009

粉丝: 1
资源: 6

互联网标准协议：TLS 1.2 协议详解

The Transport Layer Security (TLS) Protocol 1.2

The Transport Layer Security (TLS) Protocol Version 1.3.pdf

The Transport Layer Security (TLS) Protocol Version 1.3rfc8446.txt.zip

The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]"

xp支持tls1.1和tls1.2.rar

Could not convert socket to TLS

transport layer security (tls) lab

WiFiClientSecure.h

This combination of host and port requires TLS.

security.tls怎么关闭完全握手检查

The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]报错

cloudbeaver 报错The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

在windows服务器上启用tls 1.2及tls 1.2基本原理介绍

火狐浏览器怎么禁用TLS 1.0

"The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

javax.net.ssl.SSLHandshakeException: The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]

The server selected protocol version TLS10 is not accepted by client preferences [TLS13, TLS12]解决办法

websphere 如何将tls1改成1.2

ssl证书和tls有什么区别

最新资源