中文网站
  Advanced Search
Read the latest Blogs from IT professionals in the field. Read and write community created documents. Need IT help? Ask our staff. Connect with your peers. Check our Tech Shop for posters, books and software tools. Home
HomeTLS: Transport Layer Security Protocol

TLS: Transport Layer Security Protocol

Transport Layer Security (TLS) Protocol is to provide privacy and data integrity between two communicating applications. The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. At the lowest level, layered on top of some reliable transport protocol (TCP) is the TLS Record Protocol. The TLS Record Protocol provides connection security that has two basic properties:

  • Private - symmetric cryptography is used for data encryption (DES, RC4 , etc.) The keys for this symmetric encryption are generated uniquely for each connection and are based on a secret negotiated by another protocol (such as the TLS Handshake Protocol). The Record Protocol can also be used without encryption.
  • Reliable - message transport includes a message integrity check using a keyed MAC. Secure hash functions (SHA, MD5, etc.) are used for MAC computations. The Record Protocol can operate without a MAC, but is generally only used in this mode while another protocol is using the Record Protocol as a transport for negotiating security parameters.

The TLS Record Protocol is used for encapsulation of various higher level protocols. One such encapsulated protocol, the TLS Handshake Protocol, allows the server and client to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives its first byte of data. The TLS Handshake Protocol provides connection security that has three basic properties:

  • The peer"s identity can be authenticated using asymmetric, or public key, cryptography (RSA, DSS, etc.). This authentication can be made optional, but is generally required for at least one of the peers.
  • The negotiation of a shared secret is secure: the negotiated secret is unavailable to eavesdroppers, and for any authenticated connection the secret cannot be obtained, even by an attacker who can place himself in the middle of the connection.
  • The negotiation is reliable: no attacker can modify the negotiation communication without being detected by the parties to the communication.

TLS is based on the Secure Socket Layer (SSL), a protocol originally created by Netscape. One advantage of TLS is that it is application protocol independent. The TLS protocol runs above TCP/IP and below application protocols such as HTTP or IMAP. The HTTP running on top of TLS or SSL is often called HTTPS. The TLS standard does not specify how protocols add security with TLS; the decisions on how to initiate TLS handshaking and how to interpret the authentication certificates exchanged are left up to the judgment of the designers and implementers of protocols which run on top of TLS.

Protocol Structure

TLS protocol includes two protocol groups: TLS Record Protocol and TLS Handshake protocols, which have many messages with different formats. We only summarized the protocols here without details, which could be found in the reference documents.

TLS Record Protocol: a layered protocol. At each layer, messages may include fields for length, description, and content. The Record Protocol takes messages to be transmitted, fragments the data into manageable blocks, optionally compresses the data, applies a MAC, encrypts, and transmits the result. Received data is decrypted, verified, decompressed, and reassembled, then delivered to higher level clients. Here are the layers:

  • TLS connection state: is the operating environment of the TLS Record Protocol. It specifies a compression algorithm, encryption algorithm, and MAC algorithm. Connection states.
  • TLS Record Layer: receives uninterpreted data from higher layers in non-empty blocks of arbitrary size.
  • Key calculation: The Record Protocol requires an algorithm to generate keys, IVs, and MAC secrets from the security parameters provided by the handshake protocol.

TLS Handshake Protocol: consists of a suite of three sub-protocols which are used to allow peers to agree upon security parameters for the record layer, authenticate themselves, instantiate negotiated security parameters, and report error conditions to each other.

  • Change cipher spec protocol
  • Alert protocol Handshake protocol

Related protocols: TCP, GRE, L2TP, PPTP, RSA, SSL, HTTPS

Sponsor Source: TLS is defined by IETF (http://www.ietf.org) in RFC 2246 and updated in RFC 3546.

Reference: http://www.javvin.com/protocol/rfc2246.pdf: The TLS Protocol Version 1.0

‹ SSH: Secure Shell Protocol OverviewupNovell Protocols Overview ›

Reply

The content of this field is kept private and will not be shown publicly.
  • Use <!--pagebreak--> to create page breaks.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <!--pagebreak--> <img> <br> <table> <tr> <td> <tbody> <p>
  • Lines and paragraphs break automatically.

More information about formatting options

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
13 + 7 =
Solve this simple math problem and enter the result. E.g. for 1+3, enter 4.