Transport Layer Security
===TLS record===
This is the general format of all TLS records.

{| class="wikitable" style="width:95%; text-align:center"
|+ TLS record format, general
|-
! scope=col | Offset
! scope=col style="width:22%" | Byte+0
! scope=col style="width:22%" | Byte+1
! scope=col style="width:22%" | Byte+2
! scope=col style="width:22%" | Byte+3
|-
! scope=row | Byte<br />0
| style="background:#dfd" | Content type
| colspan=3 {{N/A}}
|-
! scope=row rowspan=2 | Bytes<br />1–4
| colspan=2 style="background:#fdd" | Legacy version
| colspan=2 style="background:#fdd" | Length
|- style="background:#fdd"
| ''(Major)''
| ''(Minor)''
| ''(bits 15–8)''
| ''(bits 7–0)''
|-
! scope=row | Bytes<br />5–(''m''−1)
| colspan=4 | Protocol message(s)
|-
! scope=row | Bytes<br />''m''–(''p''−1)
| colspan=4 style="background:#fbb" | [[message authentication code|MAC]] (optional)
|-
! scope=row | Bytes<br />''p''–(''q''−1)
| colspan=4 style="background:#fbb" | Padding (block ciphers only)
|}

;Content type
:This field identifies the Record Layer Protocol Type contained in this record.

{| class="wikitable"
|+ Content types
|-
! scope=col | Hex
! scope=col | Dec
! scope=col | Type
|-
! scope=row | 0x14
| 20
| ChangeCipherSpec
|-
! scope=row | 0x15
| 21
| Alert
|-
! scope=row | 0x16
| 22
| Handshake
|-
! scope=row | 0x17
| 23
| Application
|-
! scope=row | 0x18
| 24
| Heartbeat
|}

;Legacy version
:This field identifies the major and minor version of TLS prior to TLS 1.3 for the contained message. For a ClientHello message, this need not be the ''highest'' version supported by the client. For TLS 1.3 and later, this must be set to 0x0303, and the application must send its supported versions in an extra extension block.

{| class="wikitable"
|+ Versions
|-
! scope=col | Major<br />version
! scope=col | Minor<br />version
! scope=col | Version type
|-
! scope=row | 3
| 0
| SSL 3.0
|-
! scope=row | 3
| 1
| TLS 1.0
|-
! scope=row | 3
| 2
| TLS 1.1
|-
! scope=row | 3
| 3
| TLS 1.2
|-
! scope=row | 3
| 4
| TLS 1.3
|}

;Length
:The length of the "protocol message(s)", "MAC" and "padding" fields combined (i.e. ''q''−5), not to exceed 2<sup>14</sup> bytes (16 KiB).
;Protocol message(s)
:One or more messages identified by the Protocol field. Note that this field may be encrypted depending on the state of the connection.
;MAC and padding
:A [[message authentication code]] computed over the "protocol message(s)" field, with additional key material included. Note that this field may be encrypted, or not included at all, depending on the state of the connection.
:No "MAC" or "padding" fields can be present at the end of TLS records until all cipher algorithms and parameters have been negotiated in the handshake and then confirmed by sending a ChangeCipherSpec record (see below), which signals that these parameters take effect in all further records sent by the same peer.

====Handshake protocol====
Most messages exchanged during the setup of the TLS session are based on this record, unless an error or warning occurs and needs to be signaled by an Alert protocol record (see below), or the encryption mode of the session is modified by another record (see ChangeCipherSpec protocol below).
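The following Python is an added example, not code from the Wikipedia article, that builds and checks the record layout described above: a parser for the 5-byte header that enforces the content type table and the 2<sup>14</sup> length limit, and the trailer of a block-cipher record (protocol message, then the HMAC, then padding bytes whose last byte holds the padding length). The key, sequence number and sample fragment are constructed; the MAC input (sequence number, type, version, length, fragment) follows the TLS 1.0–1.2 definition, and the encryption step is omitted so the trailer stays visible. Function names such as <code>parse_record</code> and <code>open_block_cipher_body</code> are this example's own.

```python
import hmac
import struct

# Content types and trailer sizes from the tables above
CONTENT_TYPES = {20: "ChangeCipherSpec", 21: "Alert", 22: "Handshake",
                 23: "Application", 24: "Heartbeat"}
MAC_LEN = {"sha256": 32, "sha1": 20, "md5": 16}
HEADER_LEN = 5          # content type (1) + legacy version (2) + length (2)
MAX_LENGTH = 2 ** 14    # record length limit stated in the text (16 KiB)


def parse_record(buf):
    """Split one record off the front of buf.

    Returns (content type name, (major, minor), body, remaining bytes);
    body covers bytes 5..q-1, i.e. protocol message(s) + MAC + padding.
    """
    if len(buf) < HEADER_LEN:
        raise ValueError("need more data: incomplete record header")
    ctype, major, minor, length = struct.unpack("!BBBH", buf[:HEADER_LEN])
    if ctype not in CONTENT_TYPES:
        raise ValueError(f"unexpected_message: unknown content type {ctype}")
    if length > MAX_LENGTH:
        raise ValueError("record_overflow: length exceeds 2^14")
    end = HEADER_LEN + length
    if len(buf) < end:
        raise ValueError("need more data: incomplete record body")
    return CONTENT_TYPES[ctype], (major, minor), buf[HEADER_LEN:end], buf[end:]


def encode_record(ctype, version, body):
    """Prepend the 5-byte header; inverse of parse_record."""
    if len(body) > MAX_LENGTH:
        raise ValueError("record body too long")
    return struct.pack("!BBBH", ctype, version[0], version[1], len(body)) + body


def _mac(mac_key, seq_num, ctype, version, fragment, hash_name):
    # MAC input: 64-bit sequence number, type, version, 16-bit length, then the fragment
    header = struct.pack("!QBBBH", seq_num, ctype, version[0], version[1], len(fragment))
    return hmac.new(mac_key, header + fragment, hash_name).digest()


def build_block_cipher_body(fragment, mac_key, seq_num, ctype, version,
                            hash_name="sha256", block_size=16):
    """fragment || MAC || padding, padded to a whole number of cipher blocks.

    Every padding byte, including the final length byte, holds the padding
    length, so the last byte tells the receiver how much to strip.
    """
    mac = _mac(mac_key, seq_num, ctype, version, fragment, hash_name)
    pad_len = (-(len(fragment) + len(mac) + 1)) % block_size
    return fragment + mac + bytes([pad_len]) * (pad_len + 1)


def open_block_cipher_body(body, mac_key, seq_num, ctype, version,
                           hash_name="sha256", block_size=16):
    """Strip padding and MAC, returning the fragment or raising bad_record_mac.

    Demo only: a production receiver must make the padding check and the MAC
    check take the same time regardless of which one fails.
    """
    mac_len = MAC_LEN[hash_name]
    if not body or len(body) % block_size:
        raise ValueError("bad_record_mac: body is not a whole number of blocks")
    pad_len = body[-1]
    trailer = pad_len + 1
    if trailer + mac_len > len(body) or body[-trailer:] != bytes([pad_len]) * trailer:
        raise ValueError("bad_record_mac: malformed padding")
    fragment = body[:-(trailer + mac_len)]
    mac = body[len(fragment):len(fragment) + mac_len]
    expected = _mac(mac_key, seq_num, ctype, version, fragment, hash_name)
    if not hmac.compare_digest(mac, expected):
        raise ValueError("bad_record_mac: MAC mismatch")
    return fragment


# Constructed sample: one application-data record as it looks before block encryption
SAMPLE_KEY = b"\x11" * 32
SAMPLE_FRAGMENT = b"GET / HTTP/1.1\r\n"


def demo():
    body = build_block_cipher_body(SAMPLE_FRAGMENT, SAMPLE_KEY, 0, 23, (3, 3))
    record = encode_record(23, (3, 3), body)
    ctype, version, parsed_body, rest = parse_record(record)
    fragment = open_block_cipher_body(parsed_body, SAMPLE_KEY, 0, 23, version)
    return ctype, len(record), fragment, rest
```

With the 16-byte sample fragment and a 32-byte SHA-256 HMAC, 15 padding bytes plus the length byte bring the body to 64 bytes (four AES-sized blocks), so the whole record is 69 bytes. Flipping any byte of the body makes <code>open_block_cipher_body</code> raise, which is the condition that produces the "Bad record MAC" alert listed later.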
{| class="wikitable" style="width:95%; text-align:center"
|+ TLS record format for handshake protocol
|-
! scope=col | Offset
! scope=col style="width:22%" | Byte+0
! scope=col style="width:22%" | Byte+1
! scope=col style="width:22%" | Byte+2
! scope=col style="width:22%" | Byte+3
|-
! scope=row | Byte<br />0
| style="background:#dfd" | 22
| colspan=3 {{N/A}}
|-
! scope=row rowspan=2 | Bytes<br />1–4
| colspan=2 style="background:#fdd" | Legacy version
| colspan=2 style="background:#fdd" | Length
|- style="background:#fdd"
| ''(Major)''
| ''(Minor)''
| ''(bits 15–8)''
| ''(bits 7–0)''
|-
! scope=row rowspan=2 | Bytes<br />5–8
| rowspan=2 | Message type
| colspan=3 | Handshake message data length
|- style="font-size:90%; line-height:1.2"
| ''(bits 23–16)''
| ''(bits 15–8)''
| ''(bits 7–0)''
|-
! scope=row | Bytes<br />9–(''n''−1)
| colspan=4 | Handshake message data
|-
! scope=row rowspan=2 | Bytes<br />''n''–(''n''+3)
| rowspan=2 style="background:#fdd" | Message type
| colspan=3 style="background:#fdd" | Handshake message data length
|- style="background:#fdd"
| ''(bits 23–16)''
| ''(bits 15–8)''
| ''(bits 7–0)''
|-
! scope=row | Bytes<br />(''n''+4)–
| colspan=4 style="background:#fdd" | Handshake message data
|}

;Message type
:This field identifies the handshake message type.

{| class="wikitable"
|+ Message types
|-
! scope=col | Code
! scope=col | Description
|-
! scope=row | 0
| HelloRequest
|-
! scope=row | 1
| ClientHello
|-
! scope=row | 2
| ServerHello
|-
! scope=row | 4
| NewSessionTicket
|-
! scope=row | 8
| EncryptedExtensions (TLS 1.3 only)
|-
! scope=row | 11
| Certificate
|-
! scope=row | 12
| ServerKeyExchange
|-
! scope=row | 13
| CertificateRequest
|-
! scope=row | 14
| ServerHelloDone
|-
! scope=row | 15
| CertificateVerify
|-
! scope=row | 16
| ClientKeyExchange
|-
! scope=row | 20
| Finished
|}

;Handshake message data length
:This is a 3-byte field indicating the length of the handshake data, not including the header. Note that multiple handshake messages may be combined within one record.

====Alert protocol====
This record should not normally be sent during handshaking or application exchanges.
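The following Python is an added example, not code from the Wikipedia article, showing how the 4-byte handshake header (1-byte message type, 3-byte data length) is walked inside the body of a content-type-22 record. It handles the two cases the table implies: several handshake messages packed into one record, and one message cut across two records, which is why leftover bytes are held until the next record arrives. The sample server flight is constructed (the message data are placeholders, not real ServerHello contents), and the class and function names are this example's own.

```python
# Message type codes from the table above
HANDSHAKE_TYPES = {0: "HelloRequest", 1: "ClientHello", 2: "ServerHello",
                   4: "NewSessionTicket", 8: "EncryptedExtensions", 11: "Certificate",
                   12: "ServerKeyExchange", 13: "CertificateRequest", 14: "ServerHelloDone",
                   15: "CertificateVerify", 16: "ClientKeyExchange", 20: "Finished"}
HS_HEADER_LEN = 4   # message type (1) + handshake message data length (3)


def encode_handshake_message(msg_type, data):
    """type || 3-byte big-endian length || data: the unit repeated inside a handshake record."""
    if len(data) >= 1 << 24:
        raise ValueError("handshake message data too long for a 3-byte length")
    return bytes([msg_type]) + len(data).to_bytes(3, "big") + data


class HandshakeReassembler:
    """Turns the bodies of content-type-22 records into whole handshake messages.

    Several messages may share one record, and one message may be split across
    records, so bytes that do not yet complete a message are kept for the next feed().
    """

    def __init__(self):
        self._buf = b""

    def feed(self, record_body):
        """Append one record body; return the (type name, data) pairs now complete."""
        self._buf += record_body
        messages = []
        while len(self._buf) >= HS_HEADER_LEN:
            msg_type = self._buf[0]
            length = int.from_bytes(self._buf[1:4], "big")
            if len(self._buf) < HS_HEADER_LEN + length:
                break                      # rest of this message is in a later record
            data = self._buf[HS_HEADER_LEN:HS_HEADER_LEN + length]
            self._buf = self._buf[HS_HEADER_LEN + length:]
            messages.append((HANDSHAKE_TYPES.get(msg_type, f"unknown({msg_type})"), data))
        return messages

    def pending(self):
        """Bytes held back because they do not yet form a complete message."""
        return len(self._buf)


# Constructed sample: a three-message server flight (placeholder data, not real contents)
SERVER_FLIGHT = (encode_handshake_message(2, b"\x03\x03" + b"\x00" * 32)   # ServerHello
                 + encode_handshake_message(11, b"\x00\x00\x00")           # Certificate (empty list)
                 + encode_handshake_message(14, b""))                      # ServerHelloDone


def demo():
    """Deliver the flight as two record bodies, the first ending mid-ServerHello."""
    r = HandshakeReassembler()
    first = r.feed(SERVER_FLIGHT[:20])
    second = r.feed(SERVER_FLIGHT[20:])
    return [name for name, _ in first], [name for name, _ in second], r.pending()
```

The first record body carries only 20 of the ServerHello's 38 bytes, so <code>feed</code> returns nothing for it; the second body completes the ServerHello and also contains the Certificate and ServerHelloDone messages, so all three come out together and nothing is left pending. A receiver that instead assumed one message per record would mis-parse either case.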
However, this message can be sent at any time during the handshake and up to the closure of the session. If it is used to signal a fatal error, the session is closed immediately after sending this record, so the record serves to give a reason for the closure. If the alert level is flagged as a warning, the remote peer can decide to close the session if it judges that the session is not reliable enough for its needs (before doing so, the remote peer may also send its own alert).

{| class="wikitable" style="width:95%; text-align:center"
|+ TLS record format for alert protocol
|-
! scope=col | Offset
! scope=col style="width:22%" | Byte+0
! scope=col style="width:22%" | Byte+1
! scope=col style="width:22%" | Byte+2
! scope=col style="width:22%" | Byte+3
|-
! scope=row | Byte<br />0
| style="background:#dfd" | 21
| colspan=3 {{N/A}}
|-
! scope=row rowspan=2 | Bytes<br />1–4
| colspan=2 style="background:#fdd" | Legacy version
| colspan=2 style="background:#fdd" | Length
|- style="background:#fdd"
| ''(Major)''
| ''(Minor)''
| 0
| 2
|-
! scope=row | Bytes<br />5–6
| Level
| Description
| colspan=2 {{N/A}}
|-
! scope=row | Bytes<br />7–(''p''−1)
| colspan=4 style="background:#fbb" | [[message authentication code|MAC]] (optional)
|-
! scope=row | Bytes<br />''p''–(''q''−1)
| colspan=4 style="background:#fbb" | Padding (block ciphers only)
|}

;Level
:This field identifies the level of the alert. If the level is fatal, the sender should close the session immediately. Otherwise, the recipient may decide to terminate the session itself, by sending its own fatal alert and closing the session immediately after sending it. The use of Alert records is optional; however, if none is sent before the session closure, the session may be resumed automatically (with its handshakes).
:Normal closure of a session after termination of the transported application should preferably be signalled with at least the ''Close notify'' Alert type (with a simple warning level) to prevent such automatic resumption of a new session.
Signalling explicitly the normal closure of a secure session before actually closing its transport layer is useful to prevent or detect attacks (such as attempts to truncate the securely transported data, if it intrinsically does not have a predetermined length or duration that the recipient of the secured data may expect).

{| class="wikitable" style="width:90%"
|+ Alert level types
|-
! scope=col | Code
! scope=col | Level type
! scope=col | Connection state
|-
! scope=row | 1
| style="background:yellow; text-align:center" | '''warning'''
| connection or security may be unstable.
|-
! scope=row | 2
| style="background:red; text-align:center" | '''fatal'''
| connection or security may be compromised, or an unrecoverable error has occurred.
|}

;Description
:This field identifies which type of alert is being sent.

{| class="wikitable" style="width:90%"
|+ Alert description types
|-
! scope=col | Code
! scope=col | Description
! scope=col | Level types
! scope=col | Note
|-
! scope=row | 0
| Close notify
| style="background:orange; text-align:center" | '''warning'''/'''fatal'''
|
|-
! scope=row | 10
| Unexpected message
| style="background:red; text-align:center" | '''fatal'''
|
|-
! scope=row | 20
| Bad record MAC
| style="background:red; text-align:center" | '''fatal'''
| Possibly a bad SSL implementation, or the payload has been tampered with, e.g. by an FTP firewall rule on an [[FTPS]] server.
|-
! scope=row | 21
| Decryption failed
| style="background:red; text-align:center" | '''fatal'''
| TLS only, reserved
|-
! scope=row | 22
| Record overflow
| style="background:red; text-align:center" | '''fatal'''
| TLS only
|-
! scope=row | 30
| Decompression failure
| style="background:red; text-align:center" | '''fatal'''
|
|-
! scope=row | 40
| Handshake failure
| style="background:red; text-align:center" | '''fatal'''
|
|-
! scope=row | 41
| No certificate
| style="background:orange; text-align:center" | '''warning'''/'''fatal'''
| SSL 3.0 only, reserved
|-
! scope=row | 42
| Bad certificate
| style="background:orange; text-align:center" | '''warning'''/'''fatal'''
|
|-
! scope=row | 43
| Unsupported certificate
| style="background:orange; text-align:center" | '''warning'''/'''fatal'''
| e.g. the certificate has only the server authentication usage enabled and is presented as a client certificate
|-
! scope=row | 44
| Certificate revoked
| style="background:orange; text-align:center" | '''warning'''/'''fatal'''
|
|-
! scope=row | 45
| Certificate expired
| style="background:orange; text-align:center" | '''warning'''/'''fatal'''
| Check that the server certificate has not expired, and also that no certificate in the presented chain has expired
|-
! scope=row | 46
| Certificate unknown
| style="background:orange; text-align:center" | '''warning'''/'''fatal'''
|
|-
! scope=row | 47
| Illegal parameter
| style="background:red; text-align:center" | '''fatal'''
|
|-
! scope=row | 48
| Unknown CA ([[Certificate authority]])
| style="background:red; text-align:center" | '''fatal'''
| TLS only
|-
! scope=row | 49
| Access denied
| style="background:red; text-align:center" | '''fatal'''
| TLS only – e.g. no client certificate has been presented (TLS: blank certificate message, or SSLv3: No Certificate alert), but the server is configured to require one.
|-
! scope=row | 50
| Decode error
| style="background:red; text-align:center" | '''fatal'''
| TLS only
|-
! scope=row | 51
| Decrypt error
| style="background:orange; text-align:center" | '''warning'''/'''fatal'''
| TLS only
|-
! scope=row | 60
| Export restriction
| style="background:red; text-align:center" | '''fatal'''
| TLS only, reserved
|-
! scope=row | 70
| Protocol version
| style="background:red; text-align:center" | '''fatal'''
| TLS only
|-
! scope=row | 71
| Insufficient security
| style="background:red; text-align:center" | '''fatal'''
| TLS only
|-
! scope=row | 80
| Internal error
| style="background:red; text-align:center" | '''fatal'''
| TLS only
|-
! scope=row | 86
| Inappropriate fallback
| style="background:red; text-align:center" | '''fatal'''
| TLS only
|-
! scope=row | 90
| User canceled
| style="background:red; text-align:center" | '''fatal'''
| TLS only
|-
! scope=row | 100
| No renegotiation
| style="background:yellow; text-align:center" | '''warning'''
| TLS only
|-
! scope=row | 110
| Unsupported extension
| style="background:yellow; text-align:center" | '''warning'''
| TLS only
|-
! scope=row | 111
| Certificate unobtainable
| style="background:yellow; text-align:center" | '''warning'''
| TLS only
|-
! scope=row | 112
| Unrecognized name
| style="background:orange; text-align:center" | '''warning'''/'''fatal'''
| TLS only; the client's [[Server Name Indication|Server Name Indicator]] specified a [[hostname]] not supported by the server
|-
! scope=row | 113
| Bad certificate status response
| style="background:red; text-align:center" | '''fatal'''
| TLS only
|-
! scope=row | 114
| Bad certificate hash value
| style="background:red; text-align:center" | '''fatal'''
| TLS only
|-
! scope=row | 115
| Unknown [[Pre-shared key|PSK]] identity (used in [[TLS-PSK]] and [[TLS-SRP]])
| style="background:red; text-align:center" | '''fatal'''
| TLS only
|-
! scope=row | 116
| Certificate required
| style="background:red; text-align:center" | '''fatal'''
| TLS version 1.3 only
|-
! scope=row | 120 or 255
| No application protocol
| style="background:red; text-align:center" | '''fatal'''
| TLS version 1.3 only
|}

====ChangeCipherSpec protocol====
{| class="wikitable" style="width:95%; text-align:center"
|+ TLS record format for ChangeCipherSpec protocol
|-
! scope=col | Offset
! scope=col style="width:22%" | Byte+0
! scope=col style="width:22%" | Byte+1
! scope=col style="width:22%" | Byte+2
! scope=col style="width:22%" | Byte+3
|-
! scope=row | Byte<br />0
| style="background:#dfd" | 20
| colspan=3 {{N/A}}
|-
! scope=row rowspan=2 | Bytes<br />1–4
| colspan=2 style="background:#fdd" | Legacy version
| colspan=2 style="background:#fdd" | Length
|- style="background:#fdd"
| ''(Major)''
| ''(Minor)''
| 0
| 1
|-
! scope=row | Byte<br />5
| CCS protocol type
| colspan=3 {{N/A}}
|}

;CCS protocol type
:Currently only 1.

====Application protocol====
{| class="wikitable" style="width:95%; text-align:center"
|+ TLS record format for application protocol
|-
! scope=col | Offset
! scope=col style="width:22%" | Byte+0
! scope=col style="width:22%" | Byte+1
! scope=col style="width:22%" | Byte+2
! scope=col style="width:22%" | Byte+3
|-
! scope=row | Byte<br />0
| style="background:#dfd" | 23
| colspan=3 {{N/A}}
|-
! scope=row rowspan=2 | Bytes<br />1–4
| colspan=2 style="background:#fdd" | Legacy version
| colspan=2 style="background:#fdd" | Length
|- style="background:#fdd"
| ''(Major)''
| ''(Minor)''
| ''(bits 15–8)''
| ''(bits 7–0)''
|-
! scope=row | Bytes<br />5–(''m''−1)
| colspan=4 | Application data
|-
! scope=row | Bytes<br />''m''–(''p''−1)
| colspan=4 style="background:#fbb" | [[message authentication code|MAC]] (optional)
|-
! scope=row | Bytes<br />''p''–(''q''−1)
| colspan=4 style="background:#fbb" | Padding (block ciphers only)
|}

;Length
:Length of the application data (excluding the protocol header and including the MAC and padding trailers)
;MAC
:32 bytes for the [[SHA-256]]-based [[HMAC]], 20 bytes for the [[SHA-1]]-based HMAC, 16 bytes for the [[MD5]]-based HMAC.
;Padding
:Variable length; the last byte contains the padding length.
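The following Python is an added example, not code from the Wikipedia article, covering the Alert and ChangeCipherSpec sections above: it decodes the two-byte alert body against the level and description tables, checks that a ChangeCipherSpec body is the single byte 1, and keeps enough per-connection state to tell a clean close (a ''Close notify'' was seen) from a transport that simply went away, which the text identifies as a possible truncation attack. The description names are the table's entries written in RFC-style snake_case, the record bodies fed in are constructed, and the flow assumed is the TLS 1.0–1.2 one the text describes, where application data follows ChangeCipherSpec. The class and function names are this example's own.

```python
ALERT_LEVELS = {1: "warning", 2: "fatal"}
# Description codes from the "Alert description types" table, in RFC-style snake_case
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    21: "decryption_failed", 22: "record_overflow", 30: "decompression_failure",
    40: "handshake_failure", 41: "no_certificate", 42: "bad_certificate",
    43: "unsupported_certificate", 44: "certificate_revoked", 45: "certificate_expired",
    46: "certificate_unknown", 47: "illegal_parameter", 48: "unknown_ca",
    49: "access_denied", 50: "decode_error", 51: "decrypt_error",
    60: "export_restriction", 70: "protocol_version", 71: "insufficient_security",
    80: "internal_error", 86: "inappropriate_fallback", 90: "user_canceled",
    100: "no_renegotiation", 110: "unsupported_extension", 111: "certificate_unobtainable",
    112: "unrecognized_name", 113: "bad_certificate_status_response",
    114: "bad_certificate_hash_value", 115: "unknown_psk_identity",
    116: "certificate_required", 120: "no_application_protocol",
}
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION = 20, 21, 22, 23


def decode_alert(body):
    """An alert body is exactly two bytes: level, then description."""
    if len(body) != 2:
        raise ValueError("decode_error: alert body must be 2 bytes")
    level, desc = body[0], body[1]
    if level not in ALERT_LEVELS:
        raise ValueError(f"illegal_parameter: alert level {level}")
    return ALERT_LEVELS[level], ALERT_DESCRIPTIONS.get(desc, f"unknown({desc})")


class ConnectionMonitor:
    """Follows one direction of a connection and classifies how it ended.

    The point from the text: if the transport closes without a close_notify,
    the data may have been truncated, so that end is not reported as clean.
    """

    def __init__(self):
        self.ciphered = False           # set once ChangeCipherSpec has been seen
        self.close_notify_seen = False
        self.fatal_alert = None
        self.handshake_records = 0
        self.app_bytes = 0

    def on_record(self, content_type, body):
        """Consume one record body; returns (level, description) for alerts, else None."""
        if self.close_notify_seen or self.fatal_alert:
            raise ValueError("unexpected_message: record after session end")
        if content_type == CHANGE_CIPHER_SPEC:
            if body != b"\x01":             # CCS protocol type: currently only 1
                raise ValueError("decode_error: CCS protocol type must be 1")
            self.ciphered = True
        elif content_type == ALERT:
            level, desc = decode_alert(body)
            if desc == "close_notify":      # clean end at either level
                self.close_notify_seen = True
            elif level == "fatal":
                self.fatal_alert = desc
            return level, desc
        elif content_type == HANDSHAKE:
            self.handshake_records += 1
        elif content_type == APPLICATION:
            if not self.ciphered:
                raise ValueError("unexpected_message: application data before ChangeCipherSpec")
            self.app_bytes += len(body)
        else:
            raise ValueError(f"unexpected_message: content type {content_type}")
        return None

    def on_transport_closed(self):
        """Classify the end of the connection once the underlying transport is gone."""
        if self.fatal_alert:
            return "fatal:" + self.fatal_alert
        if self.close_notify_seen:
            return "clean"
        return "possible_truncation"


def demo():
    """Constructed traffic: one connection closed with close_notify, one without."""
    clean = ConnectionMonitor()
    clean.on_record(CHANGE_CIPHER_SPEC, b"\x01")
    clean.on_record(APPLICATION, b"constructed ciphertext")
    clean.on_record(ALERT, b"\x01\x00")            # warning level, close_notify
    cut = ConnectionMonitor()
    cut.on_record(CHANGE_CIPHER_SPEC, b"\x01")
    cut.on_record(APPLICATION, b"constructed ciphertext")
    return clean.on_transport_closed(), cut.on_transport_closed()
```

Only the connection that ends with an alert record <code>01 00</code> is reported as clean; the other is flagged as a possible truncation even though its transport closed normally, which is exactly the distinction the text argues the ''Close notify'' alert exists to make. A fatal alert such as <code>02 28</code> (handshake failure) is recorded as the reason for the closure, and any record arriving after the session has ended is rejected.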