Skip to main content

Application-Layer TLS

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Owen Friel , Richard Barnes , Max Pritikin
Last updated 2017-10-30
Replaced by draft-friel-tls-atls
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-friel-tls-atls
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Many clients need to establish secure connections to application services but face challenges establishing these connections due to the presence of middleboxes that terminate TLS connections from the client and restablish new TLS connections to the service. This document defines a mechanism for transporting TLS records in HTTP message bodies between clients and services. This enables clients and services to establish secure connections using TLS at the application layer, and treat any middleboxes that are intercepting traffic at the network layer as untrusted transport. In short, this mechanism moves the TLS handshake up the OSI stack to the application layer.


Owen Friel
Richard Barnes
Max Pritikin

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)