Web Security, Privacy and Commerce, 2nd Edition

only for RuBoard - do not distribute or recompile

B.2 TLS Record Layer

At the bottom layer of the TLS protocol is the TLS record layer. The record layer sends blocks of data, called records, between the client and the server. Each block can contain up to 16,383 bytes of data. Quoting from the original SSL specification and RFC 2246, "Client message boundaries are not preserved in the record layer." This means that if higher-level processes send multiple messages very quickly, those messages may be grouped together into a single record. Alternatively, they might be broken into many records and they will be broken if they're longer than 16,383 bytes.

Each TLS record contains the following information:

Each record is compressed and encrypted according to the current compression algorithm and encryption algorithm. At the start of the connection, the compression function is defined as CompressionMethod.null and the encryption method is TLS_NULL_WITH_NULL_NULL that is, there is no compression or encryption. Both the compression and encryption algorithms can be set during the "Hello" and changed during the course of the conversation.

The MAC is calculated using the formula:

HMAC_hash( MAC_write_secret, seq_num + TLSCompressed.type + TLSCompressed.version + TLSCompressed.length + TLSCompressed.fragment))

where:

The record layer provides for data integrity. The use of the MAC prevents replay attacks within a session, because each message has a unique sequence number. And the record layer provides for compression this is important because once data is encrypted, it cannot be further compressed.

only for RuBoard - do not distribute or recompile

Категории