A bit on the transport layer security. I wrote these for a course so not the best notes on the topic.

tls

| handshake | cipher change | alert | heartbeat | HTTP/SMTP/FTP (aka the protocol) |
|                           TLS Record protocol                                    |
|                                  TCP                                             |
|                                   IP                                             |

TLS handshake protocol

The handshake protocol is very basic:

• auth communicating parties
• negotiate the modes and parameters
• establish shared keying material

TLS record protocol

The record uses the parameters established previously.

• A session is a long term association between the client and server.
• Created by the handshake.
• A single session can support multiple connections.

TLS Session parameters

Some of the parameters are:

• Session identifier: an arbitrary byte sequence to identify a server.
• Use a peer certificate (an X.509 certificate in effect) if available.
• Choose a compression if supported.
• Choose an encryption and hash algorithm for MAC/enc/sig.
• 48-byte secet shared between the client and the server.

TLS Connection parameters

• server and client random parameters
• Server's MAC secret
• Client's MAC secret
• Server's write key
• Client's write key
• IVs
• Sequence numbers

TLS handshake phases

Phase 1: Establish security capabilities in TLS handshake

Client Hello:

• Version number:
• Random: 4 byte TS + 28 byte Nonce
• Session ID: 0 (new) or nonzero (new-conn/update-params)
• Cipher suites:
• Compression (DEPRECATED in v1.3, always NULL)

Server Hello:

• Version number: min(lowest of client, highest of server)
• Random: same as above
• Session ID: if 0, then generate, else use existing value
• Cipher suites: the best one in the intersection of the ranges
• Compression: same as above

Phase 2: Server Messages

• Server sends X.509v3 cert.
• Server might send optional server-key-exchange, contains ephemeral DH params
• Server sends cert-request optionally
• Server sends server-hello-done

Phase 3: Client Messages

• Client send cert if it has and server asked (if no cert then Alert)
• Client sends client-key-exchange, contains ephemeral DH and also computes the key based on what server sent
• Client optionally sends certificate-verify, sign a hash on all handshake protocol messages

Phase 4: Client and Server

• Client sends a change-cipher-spec message: Copies pending cipher state to current state (DEPRECATED in v1.3)
• Client sends 'finished' message
• Server sends a change-cipher-spec message (DEPRECATED in v1.3)
• Server sends 'finished' message

TLS crypto computations

• 48 byte master secret generated using pre-master key at the end of Phase 2: Server Messages
• v1.2 uses PRF based on HMAC
• v1.3 uses HKDF

TLS Alert Protocol

Contains two bytes: first byte indicates fatal or severe, second indicates the code of the specific alert

TLS packet structure

Take the packet

• Do fragmentation into $2^{14}$ byte sized packets
• Add the MAC of the packet using HMAC
• Encrypt (can increase length to at most 1024 bytes)
• Append TLS header

Header fields include 1 byte content type (alert et al), 1 byte major version, 1 byte minor version, and 2 bytes compressed length.