Transport Layer Security
==Further reading==
{{commons category|SSL and TLS}}
*{{cite conference|first=David|last=Wagner|author2=Schneier, Bruce|title=Analysis of the SSL 3.0 Protocol|book-title=The Second USENIX Workshop on Electronic Commerce Proceedings|publisher=USENIX Press|date=November 1996|pages=29–40|url=http://www.schneier.com/paper-ssl.pdf|access-date=2006-10-12|archive-date=2006-10-16|archive-url=https://web.archive.org/web/20061016180809/http://www.schneier.com/paper-ssl.pdf|url-status=live}}
*{{cite book|first=Eric |last=Rescorla|title=SSL and TLS: Designing and Building Secure Systems|publisher=Addison-Wesley Pub Co|location=United States|year=2001|isbn=978-0-201-61598-2|url-access=registration|url=https://archive.org/details/ssltls00eric}}
*{{cite book|author=Stephen A. Thomas|title=SSL and TLS essentials securing the Web|publisher=Wiley|location=New York|year=2000|isbn=978-0-471-38354-3}}
*{{cite journal|title=A Challenging But Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL|journal=International Association for Cryptologic Research|year=2006|first=Gregory|last=Bard|issue=136|url=http://eprint.iacr.org/2006/136|access-date=2011-09-23|archive-date=2011-09-23|archive-url=https://web.archive.org/web/20110923202258/http://eprint.iacr.org/2006/136|url-status=live}}
*{{cite web|url=http://lasecwww.epfl.ch/memo/memo_ssl.shtml|title=Password Interception in a SSL/TLS Channel|access-date=2007-04-20|last=Canvel|first=Brice|archive-date=2016-04-20|archive-url=https://web.archive.org/web/20160420233852/http://lasecwww.epfl.ch/memo/memo_ssl.shtml|url-status=dead}}
*{{cite IETF|title=RFC of change for TLS Renegotiation|RFC=5746|year=2010 |doi=10.17487/RFC5746}}
*[http://www.linuxjournal.com/article/9916 Creating VPNs with IPsec and SSL/TLS] {{Webarchive|url=https://web.archive.org/web/20150412014613/http://www.linuxjournal.com/article/9916 |date=2015-04-12 }} Linux Journal article by Rami Rosen
*{{cite book|author=Joshua Davies|title=Implementing SSL/TLS|publisher=Wiley|year=2010|isbn=978-0470920411}}
*{{cite web|url=http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf|title=Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations|author1=Polk, Tim|author2=McKay, Kerry|author3=Chokhani, Santosh|date=April 2014|publisher=National Institute of Standards and Technology|archive-url=https://web.archive.org/web/20140508025330/http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf|archive-date=2014-05-08|url-status=dead|access-date=2014-05-07}}
*{{cite journal|first1=AbdelRahman|last1=Abdou|first2=Paul|last2=van Oorschot|title=Server Location Verification (SLV) and Server Location Pinning: Augmenting TLS Authentication|journal=ACM Transactions on Privacy and Security|date=August 2017|volume=21|issue=1|pages=1:1–1:26|doi=10.1145/3139294|s2cid=5869541|url=https://dl.acm.org/citation.cfm?id=3139294|access-date=2018-01-11|archive-date=2019-03-22|archive-url=https://web.archive.org/web/20190322145042/https://dl.acm.org/citation.cfm?id=3139294|url-status=live}}
*{{cite book|author=Ivan Ristic|title=Bulletproof TLS and PKI, Second Edition|publisher=Feisty Duck|year=2022|isbn=978-1907117091}}

===Primary standards===
The current approved version of (D)TLS is version 1.3, which is specified in:
*{{IETF RFC|8446}}: "The Transport Layer Security (TLS) Protocol Version 1.3".
*{{IETF RFC|9147}}: "The Datagram Transport Layer Security (DTLS) Protocol Version 1.3"

The current standards replace these former versions, which are now considered obsolete:
*{{IETF RFC|5246}}: "The Transport Layer Security (TLS) Protocol Version 1.2".
*{{IETF RFC|6347}}: "Datagram Transport Layer Security Version 1.2"
*{{IETF RFC|4346}}: "The Transport Layer Security (TLS) Protocol Version 1.1".
*{{IETF RFC|4347}}: "Datagram Transport Layer Security"
*{{IETF RFC|2246}}: "The TLS Protocol Version 1.0".
*{{IETF RFC|6101}}: "The Secure Sockets Layer (SSL) Protocol Version 3.0".
*[//tools.ietf.org/html/draft-hickman-netscape-ssl-00 Internet Draft (1995)]: "The SSL Protocol"

===Extensions===
Other [[Request for Comments|RFCs]] subsequently extended (D)TLS.

Extensions to (D)TLS 1.3 include:
*{{IETF RFC|9367}}: "GOST Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.3".

Extensions to (D)TLS 1.2 include:
*{{IETF RFC|5288}}: "AES [[Galois/Counter Mode|Galois Counter Mode]] (GCM) Cipher Suites for TLS".
*{{IETF RFC|5289}}: "TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)".
*{{IETF RFC|5746}}: "Transport Layer Security (TLS) Renegotiation Indication Extension".
*{{IETF RFC|5878}}: "Transport Layer Security (TLS) Authorization Extensions".
*{{IETF RFC|5932}}: "Camellia Cipher Suites for TLS"
*{{IETF RFC|6066}}: "Transport Layer Security (TLS) Extensions: Extension Definitions", includes [[Server Name Indication]] and [[OCSP stapling]].
*{{IETF RFC|6091}}: "Using [[OpenPGP]] Keys for Transport Layer Security (TLS) Authentication".
*{{IETF RFC|6176}}: "Prohibiting Secure Sockets Layer (SSL) Version 2.0".
*{{IETF RFC|6209}}: "Addition of the [[ARIA (cipher)|ARIA]] Cipher Suites to Transport Layer Security (TLS)".
*{{IETF RFC|6347}}: "Datagram Transport Layer Security Version 1.2".
*{{IETF RFC|6367}}: "Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)".
*{{IETF RFC|6460}}: "Suite B Profile for Transport Layer Security (TLS)".
*{{IETF RFC|6655}}: "AES-CCM Cipher Suites for Transport Layer Security (TLS)".
*{{IETF RFC|7027}}: "Elliptic Curve Cryptography (ECC) Brainpool Curves for Transport Layer Security (TLS)".
*{{IETF RFC|7251}}: "AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites for TLS".
*{{IETF RFC|7301}}: "Transport Layer Security (TLS) [[Application-Layer Protocol Negotiation]] Extension".
*{{IETF RFC|7366}}: "Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)".
*{{IETF RFC|7465}}: "Prohibiting RC4 Cipher Suites".
*{{IETF RFC|7507}}: "TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks".
*{{IETF RFC|7568}}: "Deprecating Secure Sockets Layer Version 3.0".
*{{IETF RFC|7627}}: "Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension".
*{{IETF RFC|7685}}: "A Transport Layer Security (TLS) ClientHello Padding Extension".
*{{IETF RFC|9189}}: "GOST Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.2".

Extensions to (D)TLS 1.1 include:
*{{IETF RFC|4366}}: "Transport Layer Security (TLS) Extensions" describes both a set of specific extensions and a generic extension mechanism.
*{{IETF RFC|4492}}: "[[Elliptic Curve Cryptography]] (ECC) Cipher Suites for Transport Layer Security (TLS)".
*{{IETF RFC|4680}}: "TLS Handshake Message for Supplemental Data".
*{{IETF RFC|4681}}: "TLS User Mapping Extension".
*{{IETF RFC|4785}}: "Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS)".
*{{IETF RFC|5054}}: "Using the [[Secure Remote Password protocol|Secure Remote Password]] (SRP) Protocol for TLS Authentication". Defines the [[TLS-SRP]] ciphersuites.
*{{IETF RFC|5077}}: "Transport Layer Security (TLS) Session Resumption without Server-Side State".
*{{IETF RFC|5081}}: "Using [[OpenPGP]] Keys for Transport Layer Security (TLS) Authentication", obsoleted by {{IETF RFC|6091}}.
*{{IETF RFC|5216}}: "The [[Extensible Authentication Protocol|EAP]]-TLS Authentication Protocol"

Extensions to TLS 1.0 include:
*{{IETF RFC|2595}}: "Using TLS with IMAP, POP3 and ACAP". Specifies an extension to the IMAP, POP3 and ACAP services that allow the server and client to use transport-layer security to provide private, authenticated communication over the Internet.
*{{IETF RFC|2712}}: "Addition of [[kerberos (protocol)|Kerberos]] Cipher Suites to Transport Layer Security (TLS)". The 40-bit cipher suites defined in this memo appear only for the purpose of documenting the fact that those cipher suite codes have already been assigned.
*{{IETF RFC|2817}}: "Upgrading to TLS Within HTTP/1.1", explains how to use the [[HTTP/1.1 Upgrade header|Upgrade mechanism in HTTP/1.1]] to initiate Transport Layer Security (TLS) over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same ''well known'' port (in this case, http: at 80 rather than https: at 443).
*{{IETF RFC|2818}}: "HTTP Over TLS", distinguishes secured traffic from insecure traffic by the use of a different 'server port'.
*{{IETF RFC|3207}}: "SMTP Service Extension for Secure SMTP over Transport Layer Security". Specifies an extension to the SMTP service that allows an SMTP server and client to use transport-layer security to provide private, authenticated communication over the Internet.
*{{IETF RFC|3268}}: "AES Ciphersuites for TLS". Adds [[Advanced Encryption Standard]] (AES) cipher suites to the previously existing symmetric ciphers.
*{{IETF RFC|3546}}: "Transport Layer Security (TLS) Extensions", adds a mechanism for negotiating protocol extensions during session initialisation and defines some extensions. Made obsolete by {{IETF RFC|4366}}.
*{{IETF RFC|3749}}: "Transport Layer Security Protocol Compression Methods", specifies the framework for compression methods and the [[DEFLATE]] compression method.
*{{IETF RFC|3943}}: "Transport Layer Security (TLS) Protocol Compression Using Lempel-Ziv-Stac (LZS)".
*{{IETF RFC|4132}}: "Addition of [[Camellia (cipher)|Camellia]] Cipher Suites to Transport Layer Security (TLS)".
*{{IETF RFC|4162}}: "Addition of [[SEED]] Cipher Suites to Transport Layer Security (TLS)".
*{{IETF RFC|4217}}: "Securing [[FTPS|FTP with TLS]]".
*{{IETF RFC|4279}}: "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", adds three sets of new cipher suites for the TLS protocol to support authentication based on pre-shared keys.

===Informational RFCs===
*{{IETF RFC|7457}}: "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)"
*{{IETF RFC|7525}}: "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)"