TLS_1.3_RFC8446.md

The Transport Layer Security (TLS) Protocol Version 1.3

Table of Contents

1. Introduction

• 1.1. Conventions and Terminology
• 1.2. Major Differences from TLS 1.2
• 1.3. Updates Affecting TLS 1.2

2. Protocol Overview

• 2.1. Incorrect DHE Share
• 2.2. Resumption and Pre-Shared Key (PSK)
• 2.3. 0-RTT Data

3. Presentation Language

这一章都是一些公认的表达语言，笔者觉得读者基本都清楚，所以就不翻译了。

• 3.1. Basic Block Size
• 3.2. Miscellaneous
• 3.3. Numbers
• 3.4. Vectors
• 3.5. Enumerateds
• 3.6. Constructed Types
• 3.7. Constants
• 3.8. Variants

4. Handshake Protocol

• 4.1. Key Exchange Messages
• 4.1.1. Cryptographic Negotiation
• 4.1.2. Client Hello
• 4.1.3. Server Hello
• 4.1.4. Hello Retry Request
• 4.2. Extensions
• 4.2.1. Supported Versions
• 4.2.2. Cookie
• 4.2.3. Signature Algorithms
• 4.2.4. Certificate Authorities
• 4.2.5. OID Filters
• 4.2.6. Post-Handshake Client Authentication
• 4.2.7. Supported Groups
• 4.2.8. Key Share
• 4.2.9. Pre-Shared Key Exchange Modes
• 4.2.10. Early Data Indication
• 4.2.11. Pre-Shared Key Extension
• 4.3. Server Parameters
• 4.3.1. Encrypted Extensions
• 4.3.2. Certificate Request
• 4.4. Authentication Messages
• 4.4.1. The Transcript Hash
• 4.4.2. Certificate
• 4.4.3. Certificate Verify
• 4.4.4. Finished
• 4.5. End of Early Data
• 4.6. Post-Handshake Messages
• 4.6.1. New Session Ticket Message
• 4.6.2. Post-Handshake Authentication
• 4.6.3. Key and Initialization Vector Update

5. Record Protocol

• 5.1. Record Layer
• 5.2. Record Payload Protection
• 5.3. Per-Record Nonce
• 5.4. Record Padding
• 5.5. Limits on Key Usage

6. Alert Protocol

• 6.1. Closure Alerts
• 6.2. Error Alerts

7. Cryptographic Computations

• 7.1. Key Schedule
• 7.2. Updating Traffic Secrets
• 7.3. Traffic Key Calculation
• 7.4. (EC)DHE Shared Secret Calculation
• 7.4.1. Finite Field Diffie-Hellman
• 7.4.2. Elliptic Curve Diffie-Hellman
• 7.5. Exporters

8. 0-RTT and Anti-Replay

• 8.1. Single-Use Tickets
• 8.2. Client Hello Recording
• 8.3. Freshness Checks

9. Compliance Requirements

• 9.1. Mandatory-to-Implement Cipher Suites
• 9.2. Mandatory-to-Implement Extensions
• 9.3. Protocol Invariants

10. Security Considerations

11. IANA Considerations

12. References

这一章都是引用的论文，所以就不翻译了。

• 12.1. Normative References
• 12.2. Informative References

Appendix A. State Machine

这一章是两张状态机的图，所以就不翻译了。

• A.1. Client
• A.2. Server

Appendix B. Protocol Data Structures and Constant Values

这一章讲的都是数据结构，所以就不翻译了。

• B.1. Record Layer
• B.2. Alert Messages
• B.3. Handshake Protocol
• B.3.1. Key Exchange Messages
• B.3.2. Server Parameters Messages
• B.3.3. Authentication Messages
• B.3.4. Ticket Establishment
• B.3.5. Updating Keys
• B.4. Cipher Suites

Appendix C. Implementation Notes

• C.1. Random Number Generation and Seeding
• C.2. Certificates and Authentication
• C.3. Implementation Pitfalls
• C.4. Client Tracking Prevention
• C.5. Unauthenticated Operation

Appendix D. Backward Compatibility

• D.1. Negotiating with an Older Server
• D.2. Negotiating with an Older Client
• D.3. 0-RTT Backward Compatibility
• D.4. Middlebox Compatibility Mode
• D.5. Security Restrictions Related to Backward Compatibility

Appendix E. Overview of Security Properties

• E.1. Handshake
• E.1.1. Key Derivation and HKDF
• E.1.2. Client Authentication
• E.1.3. 0-RTT
• E.1.4. Exporter Independence
• E.1.5. Post-Compromise Security
• E.1.6. External References
• E.2. Record Layer
• E.2.1. External References
• E.3. Traffic Analysis
• E.4. Side-Channel Attacks
• E.5. Replay Attacks on 0-RTT
• E.5.1. Replay and Exporters
• E.6. PSK Identity Exposure
• E.7. Sharing PSKs
• E.8. Attacks on Static RSA

---

Reference：

RFC 8446

GitHub Repo：Halfrost-Field

Follow: halfrost · GitHub

Source: https://halfrost.com/TLS_1.3_RFC8446/