A. Значения протокольных констант
A.1. Уровень записей
struct { uint8 major, minor; } ProtocolVersion;
ProtocolVersion version = { 3, 1 }; /* TLS v1.0 */
enum { change_cipher_spec(20), alert(21), handshake(22),
application_data(23), (255) } ContentType;
struct { ContentType type; ProtocolVersion version; uint16 length;
opaque fragment[TLSPlaintext.length];
} TLSPlaintext;
struct { ContentType type;
ProtocolVersion version;
uint16 length;
opaque fragment[TLSCompressed.length];
} TLSCompressed;
struct { ContentType type; ProtocolVersion version; uint16 length;
select (CipherSpec.cipher_type) { case stream: GenericStreamCipher;
case block: GenericBlockCipher; } fragment;
} TLSCiphertext;
stream-ciphered struct { opaque content[TLSCompressed.length];
opaque MAC[CipherSpec.hash_size]; } GenericStreamCipher;
block-ciphered struct { opaque content[TLSCompressed.length];
opaque MAC[CipherSpec.hash_size];
uint8 padding[GenericBlockCipher.padding_length];
uint8 padding_length;
} GenericBlockCipher;
A.2. Сообщение об изменении спецификации шифра
struct { enum { change_cipher_spec(1), (255) } type;} ChangeCipherSpec;
A.3. Сообщения уведомления (Alert)
enum { warning(1), fatal(2), (255) } AlertLevel;
enum { close_notify(0),
|
unexpected_message(10), |
|
bad_record_mac(20), |
|
decryption_failed(21), |
|
record_overflow(22), |
|
decompression_failure(30), |
|
handshake_failure(40), |
|
bad_certificate(42), |
|
unsupported_certificate(43), |
|
certificate_revoked(44), |
|
certificate_expired(45), |
|
certificate_unknown(46), |
|
illegal_parameter(47), |
|
unknown_ca(48), |
|
access_denied(49), |
|
decode_error(50), |
|
decrypt_error(51), |
|
export_restriction(60), |
|
protocol_version(70), |
|
insufficient_security(71), |
|
internal_error(80), |
|
user_canceled(90), |
|
no_renegotiation(100), |
|
(255) } AlertDescription; |
struct { AlertLevel level; AlertDescription description; } Alert;
A.4. Протокол диалога
enum { hello_request(0), client_hello(1), server_hello(2),