The document summarizes the evolution of the Transport Layer Security (TLS) protocol from versions 1.0 to 1.2. It describes the key components of TLS including the record protocol for fragmenting and transmitting encrypted data, handshake protocol for authentication and key exchange, and cipher suites for encryption algorithms. The TLS protocol provides secure communication over the internet by preventing eavesdropping, tampering, and forgery of messages between client and server applications.
3. SSL v2
draft published in FEB 1995
SSL 0.2 PROTOCOL SPECIFICATION
http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html
4. SSL v3
draft published in NOV 1996
The SSL Protocol Version 3.0
http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
5. TLS 1.0
RFC 2246 - in Jan 1999
The TLS Protocol Version 1.0
http://tools.ietf.org/html/rfc2246
6. TLS 1.1
RFC 4346 - in April 2006
The Transport Layer Security (TLS) Protocol Version 1.1
http://tools.ietf.org/html/rfc4346
7. TLS 1.2
RFC 5246 - in August 2008
The Transport Layer Security (TLS) Protocol Version 1.2
http://tools.ietf.org/html/rfc5246
8. "The TLS protocol provides communications security
over the Internet. The protocol allows client/server
applications to communicate in a way that is designed to
prevent eavesdropping, tampering, or message forgery."
- The Transport Layer Security (TLS) Protocol Version 1.2
10. The Record Protocol takes messages to be transmitted, fragments the
data into manageable blocks, optionally compresses the data, applies
a MAC, encrypts, and transmits the result. Received data is
decrypted, verified, decompressed, reassembled, and then delivered to
higher-level clients.
16. Client Hello
http://tools.ietf.org/html/rfc5246#section-7.4.1.2
struct {
    ProtocolVersion client_version;
    Random random;
    SessionID session_id;
    CipherSuite cipher_suites<2..2^16-2>;
    CompressionMethod compression_methods<1..2^8-1>;
    select (extensions_present) {
        case false:
            struct {};
        case true:
            Extension extensions<0..2^16-1>;
    };
} ClientHello;
17. CIPHER SUITES
TLS_RSA_WITH_AES_128_CBC_SHA
"The connection is encrypted using AES_128_CBC, with SHA1 for
message authentication and RSA as the key exchange mechanism."
Mandatory Cipher Suites - http://tools.ietf.org/html/rfc5246#section-9
Cipher Suite Definitions - http://tools.ietf.org/html/rfc5246#appendix-C
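Added example (not from the original slides or from the RFC text): a Python decoder for the ClientHello body laid out in the struct on slide 16, which also names the cipher suite code points discussed on slide 17. The widths of Random (32 bytes) and SessionID (opaque <0..32>) are taken from RFC 5246; the names Reader, parse_client_hello and SAMPLE are this example's own, and the sample bytes are constructed.

```python
# Added example: decoder for the ClientHello body (RFC 5246, section 7.4.1.2).
SUITE_NAMES = {  # a few code points from RFC 5246 Appendix A.5
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}

class Reader:
    """Bounds-checked cursor over the message bytes."""
    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def vector(self, prefix_len, lo, hi):
        """Read a <lo..hi> vector: big-endian length prefix, then that many bytes."""
        n = int.from_bytes(self.take(prefix_len), "big")
        if not lo <= n <= hi:
            raise ValueError(f"vector length {n} outside <{lo}..{hi}>")
        return self.take(n)

def parse_client_hello(body):
    r = Reader(body)
    major, minor = r.take(2)                 # ProtocolVersion: {3, 3} is TLS 1.2
    random = r.take(32)                      # uint32 gmt_unix_time + 28 random bytes
    session_id = r.vector(1, 0, 32)          # SessionID is opaque <0..32>
    suites = r.vector(2, 2, 2**16 - 2)       # cipher_suites<2..2^16-2>
    if len(suites) % 2:
        raise ValueError("cipher_suites length is not a multiple of 2")
    compression = r.vector(1, 1, 2**8 - 1)   # compression_methods<1..2^8-1>
    # extensions_present is not on the wire: it is true when bytes remain here.
    extensions = r.vector(2, 0, 2**16 - 1) if r.pos < len(body) else None
    if r.pos != len(body):
        raise ValueError("trailing bytes after ClientHello")
    codes = [int.from_bytes(suites[i:i + 2], "big") for i in range(0, len(suites), 2)]
    return {
        "version": (major, minor),
        "random": random,
        "session_id": session_id,
        "cipher_suites": [SUITE_NAMES.get(c, f"0x{c:04X}") for c in codes],
        "compression_methods": list(compression),
        "extensions": extensions,
    }

# Constructed sample body: TLS 1.2, counting-pattern random, empty session_id,
# two suites, null compression, no extensions.
SAMPLE = bytes.fromhex("0303") + bytes(range(32)) + bytes.fromhex("00" "0004002f0035" "0100")
```

The input is the ClientHello body only, without the 4-byte handshake header or the 5-byte record header that precede it on the wire.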
22. Client Key Exchange Message
http://tools.ietf.org/html/rfc5246#section-7.4.7
struct {
    select (KeyExchangeAlgorithm) {
        case rsa:
            EncryptedPreMasterSecret;
        case dhe_dss:
        case dhe_rsa:
        case dh_dss:
        case dh_rsa:
        case dh_anon:
            ClientDiffieHellmanPublic;
    } exchange_keys;
} ClientKeyExchange;