InnocentZero's Treasure Chest


24 Oct 2025

TLS

TLS Record

| handshake | cipher change | alert | heartbeat | HTTP/SMTP/FTP (aka the protocol) |
|                           TLS Record protocol                                    |
|                                  TCP                                             |
|                                   IP                                             |

TLS handshake protocol

The handshake protocol is very basic:

  • auth communicating parties
  • negotiate the modes and parameters
  • establish shared keying material

TLS record protocol

The record uses the parameters established previously.

  • A session is a long-term association between the client and the server.
  • Created by the handshake.
  • A single session can support multiple connections.

TLS Session parameters

Some of the parameters are:

  • Session identifier: an arbitrary byte sequence to identify a server.
  • Use a peer certificate if available.
  • Choose a compression if supported.
  • Choose an encryption and hash algorithm for MAC/enc/sig.
  • 48-byte secret shared between the client and the server.

TLS Connection parameters

TLS handshake phases

Phase 1: Establish security capabilities in TLS handshake

Client Hello:

  • Version number:
  • Random: 4-byte timestamp + 28-byte nonce
  • Session ID: 0 (new) or nonzero (new-conn/update-params)
  • Cipher suites:
  • Compression (DEPRECATED in v1.3, always NULL)

Server Hello:

  • Version number: min(lowest of client, highest of server)
  • Random: same as above
  • Session ID: if 0, then generate, else use existing value
  • Cipher suites: the best one in the intersection of the ranges
  • Compression: same as above

Phase 2: Server Messages

  • Server sends X.509v3 cert.
  • Server might send optional server-key-exchange, contains ephemeral DH params
  • Server sends cert-request optionally
  • Server sends server-hello-done

Phase 3: Client Messages

  • Client sends its certificate if it has one and the server asked for it (if it has no certificate, it sends an Alert)
  • Client sends client-key-exchange, which contains its ephemeral DH value; it also computes the key from the parameters the server sent
  • Client optionally sends certificate-verify, a signature over a hash of all handshake protocol messages so far

Phase 4: Client and Server

  • Client sends a change-cipher-spec message: Copies pending cipher state to current state (DEPRECATED in v1.3)
  • Client sends 'finished' message
  • Server sends a change-cipher-spec message (DEPRECATED in v1.3)
  • Server sends 'finished' message

TLS crypto computations

  • 48-byte master secret generated from the pre-master secret at the end of Phase 2 (Server Messages)
  • v1.2 uses PRF based on HMAC
  • v1.3 uses HKDF
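As an added worked example (not code from the original post), the two derivations named in this section and the Hello Random layout from Phase 1, written in Python: the TLS 1.2 P_SHA256 PRF producing the 48-byte master secret from a pre-master secret and both Randoms, and the TLS 1.3 HKDF Extract/Expand pair with the HkdfLabel wrapper. Function names are this example's own; the constants (label "master secret", "tls13 " prefix, 32-byte Random) are from the TLS specifications.

```python
import hmac
import hashlib
import struct

def hmac_sha256(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def make_random(ts: int, nonce: bytes) -> bytes:
    """Hello Random as described above: 4-byte timestamp followed by a 28-byte nonce."""
    if len(nonce) != 28:
        raise ValueError("nonce must be 28 bytes")
    return struct.pack("!I", ts) + nonce

# --- TLS 1.2: PRF built on HMAC (RFC 5246 section 5, P_SHA256) ---
def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    # A(0) = seed, A(i) = HMAC(secret, A(i-1)); output blocks are HMAC(secret, A(i) + seed)
    out, a = b"", seed
    while len(out) < length:
        a = hmac_sha256(secret, a)
        out += hmac_sha256(secret, a + seed)
    return out[:length]

def prf12(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_hash(secret, label + seed, length)

def master_secret_tls12(pre_master: bytes, client_random: bytes, server_random: bytes) -> bytes:
    # The 48-byte master secret is derived from the pre-master secret and both Hello Randoms.
    return prf12(pre_master, b"master secret", client_random + server_random, 48)

# --- TLS 1.3: HKDF (RFC 5869) with the HkdfLabel wrapper of RFC 8446 section 7.1 ---
def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # An empty salt is replaced by HashLen zero bytes, as RFC 5869 specifies.
    return hmac_sha256(salt if salt else bytes(32), ikm)

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # T(1) = HMAC(prk, info || 0x01), T(i) = HMAC(prk, T(i-1) || info || i)
    out, t, i = b"", b"", 1
    while len(out) < length:
        t = hmac_sha256(prk, t + info + bytes([i]))
        out += t
        i += 1
    return out[:length]

def hkdf_expand_label(secret: bytes, label: bytes, context: bytes, length: int) -> bytes:
    # HkdfLabel = uint16 length || opaque label ("tls13 " + label) || opaque context
    lbl = b"tls13 " + label
    info = struct.pack("!H", length) + bytes([len(lbl)]) + lbl + bytes([len(context)]) + context
    return hkdf_expand(secret, info, length)
```

The sample inputs in a real handshake would be the negotiated pre-master secret and the two Random fields exchanged in Phase 1; here any constructed byte strings of the right length exercise the same arithmetic.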

TLS Alert Protocol

Contains two bytes: the first byte indicates the level (fatal or severe), the second the code of the specific alert.


This website by innocentzer0 is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.