RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2

Published: August 2008
Status: Standards Track
Authors: T. Dierks (Independent), E. Rescorla (RTFM, Inc.)
Obsoletes: RFC 3268, RFC 4346, RFC 4366
Updates: RFC 4492

---

Abstract

This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery.

---

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

---

Contents

• 1. Introduction
  • 1.1. Requirements Terminology
  • 1.2. Major Differences from TLS 1.1
• 2. Goals
• 3. Goals of This Document
• 4. Presentation Language
  • 4.1. Basic Block Size
  • 4.2. Miscellaneous
  • 4.3. Vectors
  • 4.4. Numbers
  • 4.5. Enumerateds
  • 4.6. Constructed Types
  • 4.7. Cryptographic Attributes
  • 4.8. Constants
• 5. HMAC and the Pseudorandom Function
• 6. The TLS Record Protocol
  • 6.1. Connection States
  • 6.2. Record Layer
  • 6.3. Key Calculation
• 7. The TLS Handshaking Protocols
  • 7.1. Change Cipher Spec Protocol
  • 7.2. Alert Protocol
  • 7.3. Handshake Protocol Overview
  • 7.4. Handshake Protocol
• 8. Cryptographic Computations
  • 8.1. Computing the Master Secret
• 9. Mandatory Cipher Suites
• 10. Application Data Protocol
• 11. Security Considerations
• 12. IANA Considerations

Appendices

• Appendix A. Protocol Data Structures and Constant Values
• Appendix B. Glossary
• Appendix C. Cipher Suite Definitions
• Appendix D. Implementation Notes
• Appendix E. Backward Compatibility
• Appendix F. Security Analysis

References

• Normative References
• Informative References

---

Related Resources

• Official Text: RFC 5246
• Official Page: RFC 5246 DataTracker
• Errata: RFC Editor Errata
• Successor Version: RFC 8446 - TLS 1.3

---

Important Note

TLS 1.2 has been superseded by TLS 1.3 (RFC 8446). New implementations are recommended to adopt TLS 1.3, although TLS 1.2 remains widely deployed and used in many production environments. This document provides a complete specification of TLS 1.2 for reference.

---