The Transport Layer Security (TLS) Protocol Version 1.3
Table of Contents
1. Introduction
- 1.1. Conventions and Terminology
- 1.2. Major Differences from TLS 1.2
- 1.3. Updates Affecting TLS 1.2
2. Protocol Overview
- 2.1. Incorrect DHE Share
- 2.2. Resumption and Pre-Shared Key (PSK)
- 2.3. 0-RTT Data
3. Presentation Language
这一章都是一些公认的表达语言,笔者觉得读者基本都清楚,所以就不翻译了。
- 3.1. Basic Block Size
- 3.2. Miscellaneous
- 3.3. Numbers
- 3.4. Vectors
- 3.5. Enumerateds
- 3.6. Constructed Types
- 3.7. Constants
- 3.8. Variants
4. Handshake Protocol
- 4.1. Key Exchange Messages
- 4.1.1. Cryptographic Negotiation
- 4.1.2. Client Hello
- 4.1.3. Server Hello
- 4.1.4. Hello Retry Request
- 4.2. Extensions
- 4.2.1. Supported Versions
- 4.2.2. Cookie
- 4.2.3. Signature Algorithms
- 4.2.4. Certificate Authorities
- 4.2.5. OID Filters
- 4.2.6. Post-Handshake Client Authentication
- 4.2.7. Supported Groups
- 4.2.8. Key Share
- 4.2.9. Pre-Shared Key Exchange Modes
- 4.2.10. Early Data Indication
- 4.2.11. Pre-Shared Key Extension
- 4.3. Server Parameters
- 4.3.1. Encrypted Extensions
- 4.3.2. Certificate Request
- 4.4. Authentication Messages
- 4.4.1. The Transcript Hash
- 4.4.2. Certificate
- 4.4.3. Certificate Verify
- 4.4.4. Finished
- 4.5. End of Early Data
- 4.6. Post-Handshake Messages
- 4.6.1. New Session Ticket Message
- 4.6.2. Post-Handshake Authentication
- 4.6.3. Key and Initialization Vector Update
5. Record Protocol
- 5.1. Record Layer
- 5.2. Record Payload Protection
- 5.3. Per-Record Nonce
- 5.4. Record Padding
- 5.5. Limits on Key Usage
6. Alert Protocol
- 6.1. Closure Alerts
- 6.2. Error Alerts
7. Cryptographic Computations
- 7.1. Key Schedule
- 7.2. Updating Traffic Secrets
- 7.3. Traffic Key Calculation
- 7.4. (EC)DHE Shared Secret Calculation
- 7.4.1. Finite Field Diffie-Hellman
- 7.4.2. Elliptic Curve Diffie-Hellman
- 7.5. Exporters
8. 0-RTT and Anti-Replay
- 8.1. Single-Use Tickets
- 8.2. Client Hello Recording
- 8.3. Freshness Checks
9. Compliance Requirements
- 9.1. Mandatory-to-Implement Cipher Suites
- 9.2. Mandatory-to-Implement Extensions
- 9.3. Protocol Invariants
10. Security Considerations
11. IANA Considerations
12. References
这一章都是引用的论文,所以就不翻译了。
- 12.1. Normative References
- 12.2. Informative References
Appendix A. State Machine
这一章是两张状态机的图,所以就不翻译了。
- A.1. Client
- A.2. Server
Appendix B. Protocol Data Structures and Constant Values
这一章讲的都是数据结构,所以就不翻译了。
- B.1. Record Layer
- B.2. Alert Messages
- B.3. Handshake Protocol
- B.3.1. Key Exchange Messages
- B.3.2. Server Parameters Messages
- B.3.3. Authentication Messages
- B.3.4. Ticket Establishment
- B.3.5. Updating Keys
- B.4. Cipher Suites
Appendix C. Implementation Notes
- C.1. Random Number Generation and Seeding
- C.2. Certificates and Authentication
- C.3. Implementation Pitfalls
- C.4. Client Tracking Prevention
- C.5. Unauthenticated Operation
Appendix D. Backward Compatibility
- D.1. Negotiating with an Older Server
- D.2. Negotiating with an Older Client
- D.3. 0-RTT Backward Compatibility
- D.4. Middlebox Compatibility Mode
- D.5. Security Restrictions Related to Backward Compatibility
Appendix E. Overview of Security Properties
- E.1. Handshake
- E.1.1. Key Derivation and HKDF
- E.1.2. Client Authentication
- E.1.3. 0-RTT
- E.1.4. Exporter Independence
- E.1.5. Post-Compromise Security
- E.1.6. External References
- E.2. Record Layer
- E.2.1. External References
- E.3. Traffic Analysis
- E.4. Side-Channel Attacks
- E.5. Replay Attacks on 0-RTT
- E.5.1. Replay and Exporters
- E.6. PSK Identity Exposure
- E.7. Sharing PSKs
- E.8. Attacks on Static RSA
Reference:
GitHub Repo:Halfrost-Field
Follow: halfrost · GitHub