init

2026-06-25 11:46:39 +09:00
commit 06a95a6d5b
56 changed files with 10023 additions and 0 deletions
@@ -0,0 +1,154 @@
+Internet Engineering Task Force (IETF)                       E. Rescorla
+Request for Comments: 8446                                       Mozilla
+Obsoletes: 5077, 5246, 6961                                  August 2018
+Updates: 5705, 6066
+Category: Standards Track
+ISSN: 2070-1721
+
+
+        The Transport Layer Security (TLS) Protocol Version 1.3
+
+Abstract
+
+   This document specifies version 1.3 of the Transport Layer Security
+   (TLS) protocol.  TLS allows client/server applications to communicate
+   over the Internet in a way that is designed to prevent eavesdropping,
+   tampering, and message forgery.
+
+   This document updates RFCs 5705 and 6066, and obsoletes RFCs 5077,
+   5246, and 6961.  This document also specifies new requirements for
+   TLS 1.2 implementations.
+
+Status of This Memo
+
+   This is an Internet Standards Track document.
+   Information about the current status of this document, any errata,
+   and how to provide feedback on it may be obtained at
+   https://www.rfc-editor.org/info/rfc8446.
+
+Table of Contents
+
+   1. Introduction
+      1.1. Conventions and Terminology
+      1.2. Major Differences from TLS 1.2
+      1.3. Updates Affecting TLS 1.2
+   2. Protocol Overview
+      2.1. Incorrect DHE Share
+      2.2. Resumption and Pre-Shared Key (PSK)
+      2.3. 0-RTT Data
+   3. Presentation Language
+      3.1. Basic Block Size
+      3.2. Miscellaneous
+      3.3. Numbers
+      3.4. Vectors
+      3.5. Enumerateds
+      3.6. Constructed Types
+      3.7. Constants
+      3.8. Variants
+   4. Handshake Protocol
+      4.1. Key Exchange Messages
+           4.1.1. Cryptographic Negotiation
+           4.1.2. Client Hello
+           4.1.3. Server Hello
+           4.1.4. Hello Retry Request
+      4.2. Extensions
+           4.2.1. Supported Versions
+           4.2.2. Cookie
+           4.2.3. Signature Algorithms
+           4.2.4. Certificate Authorities
+           4.2.5. OID Filters
+           4.2.6. Post-Handshake Client Authentication
+           4.2.7. Supported Groups
+           4.2.8. Key Share
+           4.2.9. Pre-Shared Key Exchange Modes
+           4.2.10. Early Data Indication
+           4.2.11. Pre-Shared Key Extension
+      4.3. Server Parameters
+           4.3.1. Encrypted Extensions
+           4.3.2. Certificate Request
+      4.4. Authentication Messages
+           4.4.1. The Transcript Hash
+           4.4.2. Certificate
+           4.4.3. Certificate Verify
+           4.4.4. Finished
+      4.5. End of Early Data
+      4.6. Post-Handshake Messages
+           4.6.1. New Session Ticket Message
+           4.6.2. Post-Handshake Authentication
+           4.6.3. Key and Initialization Vector Update
+   5. Record Protocol
+      5.1. Record Layer
+      5.2. Record Payload Protection
+      5.3. Per-Record Nonce
+      5.4. Record Padding
+      5.5. Limits on Key Usage
+   6. Alert Protocol
+      6.1. Closure Alerts
+      6.2. Error Alerts
+   7. Cryptographic Computations
+      7.1. Key Schedule
+      7.2. Updating Traffic Secrets
+      7.3. Traffic Key Calculation
+      7.4. (EC)DHE Shared Secret Calculation
+           7.4.1. Finite Field Diffie-Hellman
+           7.4.2. Elliptic Curve Diffie-Hellman
+      7.5. Exporters
+   8. 0-RTT and Anti-Replay
+      8.1. Single-Use Tickets
+      8.2. Client Hello Recording
+      8.3. Freshness Checks
+   9. Compliance Requirements
+      9.1. Mandatory-to-Implement Cipher Suites
+      9.2. Mandatory-to-Implement Extensions
+      9.3. Protocol Invariants
+   10. Security Considerations
+   11. IANA Considerations
+   12. References
+       12.1. Normative References
+       12.2. Informative References
+   Appendix A. State Machine
+   Appendix B. Protocol Data Structures and Constant Values
+      B.1. Record Layer
+      B.2. Alert Messages
+      B.3. Handshake Protocol
+           B.3.1. Key Exchange Messages
+           B.3.2. Server Parameters Messages
+           B.3.3. Authentication Messages
+           B.3.4. Ticket Establishment
+           B.3.5. Updating Keys
+      B.4. Cipher Suites
+   Appendix C. Implementation Notes
+      C.1. Random Number Generation and Seeding
+      C.2. Certificates and Authentication
+      C.3. Implementation Pitfalls
+      C.4. Client Tracking Prevention
+      C.5. Unauthenticated Operation
+   Appendix D. Backward Compatibility
+      D.1. Negotiating with an Older Server
+      D.2. Negotiating with an Older Client
+      D.3. 0-RTT Backward Compatibility
+      D.4. Middle-Box Compatibility Mode
+      D.5. Security Restrictions Related to Backward Compatibility
+   Appendix E. Overview of Security Properties
+      E.1. Handshake
+      E.2. Record Layer
+      E.3. Traffic Analysis
+      E.4. Side-Channel Attacks
+      E.5. Replay Attacks on 0-RTT
+      E.6. PSK Identity Exposure
+      E.7. Sharing PSKs
+      E.8. Attacks on Static RSA
+   Acknowledgements
+   Author's Address
+
+[NOTE: This file contains the header, abstract, and table of contents
+ of RFC 8446. The full specification text is available at:
+   https://www.rfc-editor.org/rfc/rfc8446
+   https://www.rfc-editor.org/rfc/rfc8446.txt  (text)
+   https://www.rfc-editor.org/rfc/rfc8446.pdf  (PDF)
+
+ Full document: 160 pages, August 2018
+ Author: Eric Rescorla (Mozilla)
+ DOI: 10.17487/RFC8446
+ Obsoletes: RFC 5077, RFC 5246, RFC 6961
+ Updates: RFC 5705, RFC 6066]