RFC 2246 (rfc2246) - Page 3 of 80
The TLS Protocol Version 1
Alternative Format: Original Text Document
RFC 2246 The TLS Protocol Version 1.0 January 1999 D. Implementation Notes 64 D.1. Temporary RSA keys 64 D.2. Random Number Generation and Seeding 64 D.3. Certificates and authentication 65 D.4. CipherSuites 65 E. Backward Compatibility With SSL 66 E.1. Version 2 client hello 67 E.2. Avoiding man-in-the-middle version rollback 68 F. Security analysis 69 F.1. Handshake protocol 69 F.1.1. Authentication and key exchange 69 F.1.1.1. Anonymous key exchange 69 F.1.1.2. RSA key exchange and authentication 70 F.1.1.3. Diffie-Hellman key exchange with authentication 71 F.1.2. Version rollback attacks 71 F.1.3. Detecting attacks against the handshake protocol 72 F.1.4. Resuming sessions 72 F.1.5. MD5 and SHA 72 F.2. Protecting application data 72 F.3. Final notes 73 G. Patent Statement 74 Security Considerations 75 References 75 Credits 77 Comments 78 Full Copyright Statement 80 1. Introduction The primary goal of the TLS Protocol is to provide privacy and data integrity between two communicating applications. The protocol is composed of two layers: the TLS Record Protocol and the TLS Handshake Protocol. At the lowest level, layered on top of some reliable transport protocol (e.g., TCP[TCP]), is the TLS Record Protocol. The TLS Record Protocol provides connection security that has two basic properties: - The connection is private. Symmetric cryptography is used for data encryption (e.g., DES [DES], RC4 [RC4], etc.) The keys for this symmetric encryption are generated uniquely for each connection and are based on a secret negotiated by another protocol (such as the TLS Handshake Protocol). The Record Protocol can also be used without encryption. - The connection is reliable. Message transport includes a message integrity check using a keyed MAC. Secure hash functions (e.g., SHA, MD5, etc.) are used for MAC computations. The Record Protocol can operate without a MAC, but is generally only used in Dierks & Allen Standards Track
