SSL协议_二_帧格式

TLS record

This is the general format of all TLS records.

+Byte +0Byte +1Byte +2Byte +3
Byte
0
Content type 
Bytes
1..4
VersionLength
(Major)(Minor)(bits 15..8)(bits 7..0)
Bytes
5..(m-1)
Protocol message(s)
Bytes
m..(p-1)
MAC (optional)
Bytes
p..(q-1)
Padding (block ciphers only)

Content type

This field identifies the Record Layer Protocol Type contained in this Record.

Content types
HexDecType
0x1420ChangeCipherSpec
0x1521Alert
0x1622Handshake
0x1723Application
0x1824Heartbeat

Version

This field identifies the major and minor version of TLS for the contained message. For a ClientHello message, this need not be the highest version supported by the client.

Versions
Major
version
Minor
version
Version type
30SSL 3.0
31TLS 1.0
32TLS 1.1
33TLS 1.2

Length

The length of Protocol message(s), MAC and Padding, not to exceed 214 bytes (16 KiB).

Protocol message(s)

One or more messages identified by the Protocol field. Note that this field may be encrypted depending on the state of the connection.

MAC and Padding

message authentication code computed over the Protocol message, with additional key material included. Note that this field may be encrypted, or not included entirely, depending on the state of the connection.

No MAC or Padding can be present at end of TLS records before all cipher algorithms and parameters have been negotiated and handshaked and then confirmed by sending a CipherStateChange record (see below) for signalling that these parameters will take effect in all further records sent by the same peer.

Handshake protocol[edit]

Most messages exchanged during the setup of the TLS session are based on this record, unless an error or warning occurs and needs to be signaled by an Alert protocol record (see below), or the encryption mode of the session is modified by another record (see ChangeCipherSpec protocol below).

+Byte +0Byte +1Byte +2Byte +3
Byte
0
22 
Bytes
1..4
VersionLength
(Major)(Minor)(bits 15..8)(bits 7..0)
Bytes
5..8
Message typeHandshake message data length
(bits 23..16)(bits 15..8)(bits 7..0)
Bytes
9..(n-1)
Handshake message data
Bytes
n..(n+3)
Message typeHandshake message data length
(bits 23..16)(bits 15..8)(bits 7..0)
Bytes
(n+4)..
Handshake message data

Message type

This field identifies the Handshake message type.

Message types
CodeDescription
0HelloRequest
1ClientHello
2ServerHello
4NewSessionTicket
11Certificate
12ServerKeyExchange
13CertificateRequest
14ServerHelloDone
15CertificateVerify
16ClientKeyExchange
20Finished

Handshake message data length

This is a 3-byte field indicating the length of the handshake data, not including the header.

Note that multiple Handshake messages may be combined within one record.

Alert protocol[edit]

This record should normally not be sent during normal handshaking or application exchanges. However, this message can be sent at any time during the handshake and up to the closure of the session. If this is used to signal a fatal error, the session will be closed immediately after sending this record, so this record is used to give a reason for this closure. If the alert level is flagged as a warning, the remote can decide to close the session if it decides that the session is not reliable enough for its needs (before doing so, the remote may also send its own signal).

+Byte +0Byte +1Byte +2Byte +3
Byte
0
21 
Bytes
1..4
VersionLength
(Major)(Minor)02
Bytes
5..6
LevelDescription 
Bytes
7..(p-1)
MAC (optional)
Bytes
p..(q-1)
Padding (block ciphers only)

Level

This field identifies the level of alert. If the level is fatal, the sender should close the session immediately. Otherwise, the recipient may decide to terminate the session itself, by sending its own fatal alert and closing the session itself immediately after sending it. The use of Alert records is optional, however if it is missing before the session closure, the session may be resumed automatically (with its handshakes).

Normal closure of a session after termination of the transported application should preferably be alerted with at least the Close notify Alert type (with a simple warning level) to prevent such automatic resume of a new session. Signalling explicitly the normal closure of a secure session before effectively closing its transport layer is useful to prevent or detect attacks (like attempts to truncate the securely transported data, if it intrinsically does not have a predetermined length or duration that the recipient of the secured data may expect).

Alert level types
CodeLevel typeConnection state
1warningconnection or security may be unstable.
2fatalconnection or security may be compromised, or an unrecoverable error has occurred.

Description

This field identifies which type of alert is being sent.

Alert description types
CodeDescriptionLevel typesNote
0Close notifywarning/fatal 
10Unexpected messagefatal 
20Bad record MACfatalPossibly a bad SSL implementation, or payload has been tampered with e.g. FTP firewall rule on FTPS server.
21Decryption failedfatalTLS only, reserved
22Record overflowfatalTLS only
30Decompression failurefatal 
40Handshake failurefatal 
41No certificatewarning/fatalSSL 3.0 only, reserved
42Bad certificatewarning/fatal 
43Unsupported certificatewarning/fatale.g. certificate has only Server authentication usage enabled and is presented as a client certificate
44Certificate revokedwarning/fatal 
45Certificate expiredwarning/fatalCheck server certificate expire also check no certificate in the chain presented has expired
46Certificate unknownwarning/fatal 
47Illegal parameterfatal 
48Unknown CA (Certificate authority)fatalTLS only
49Access deniedfatalTLS only – e.g. no client certificate has been presented (TLS: Blank certificate message or SSLv3: No Certificate alert), but server is configured to require one.
50Decode errorfatalTLS only
51Decrypt errorwarning/fatalTLS only
60Export restrictionfatalTLS only, reserved
70Protocol versionfatalTLS only
71Insufficient securityfatalTLS only
80Internal errorfatalTLS only
90User canceledfatalTLS only
100No renegotiationwarningTLS only
110Unsupported extensionwarningTLS only
111Certificate unobtainablewarningTLS only
112Unrecognized namewarning/fatalTLS only; client's Server Name Indicator specified a hostname not supported by the server
113Bad certificate status responsefatalTLS only
114Bad certificate hash valuefatalTLS only
115Unknown PSK identity (used in TLS-PSK andTLS-SRP)fatalTLS only
120No Application ProtocolfatalTLS only, client's ALPN did not contain any server-supported protocols

ChangeCipherSpec protocol[edit]

+Byte +0Byte +1Byte +2Byte +3
Byte
0
20 
Bytes
1..4
VersionLength
(Major)(Minor)01
Byte
5
CCS protocol type 

CCS protocol type

Currently only 1.

Application protocol[edit]

+Byte +0Byte +1Byte +2Byte +3
Byte
0
23 
Bytes
1..4
VersionLength
(Major)(Minor)(bits 15..8)(bits 7..0)
Bytes
5..(m-1)
Application data
Bytes
m..(p-1)
MAC (optional)
Bytes
p..(q-1)
Padding (block ciphers only)

Length

Length of application data (excluding the protocol header and including the MAC and padding trailers)

MAC

20 bytes for the SHA-1-based HMAC, 16 bytes for the MD5-based HMAC.

Padding

Variable length; last byte contains the padding length.

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值