Example Handshake Traces for TLS 1.3
RFC 8448
Internet Engineering Task Force (IETF) M. Thomson
Request for Comments: 8448 Mozilla
Category: Informational January 2019
ISSN: 2070-1721
Example Handshake Traces for TLS 1.3
Abstract
This document includes examples of TLS 1.3 handshakes. Private keys
and inputs are provided so that these handshakes might be reproduced.
Intermediate values, including secrets, traffic keys, and IVs, are
shown so that implementations might be checked incrementally against
these values.
Status of This Memo
This document is not an Internet Standards Track specification; it is
published for informational purposes.
This document is a product of the Internet Engineering Task Force
(IETF). It represents the consensus of the IETF community. It has
received public review and has been approved for publication by the
Internet Engineering Steering Group (IESG). Not all documents
approved by the IESG are candidates for any level of Internet
Standard; see Section 2 of RFC 7841.
Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8448.
Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Thomson Informational [Page 1]
RFC 8448 TLS 1.3 Traces January 2019
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2
2. Private Keys . . . . . . . . . . . . . . . . . . . . . . . . 2
3. Simple 1-RTT Handshake . . . . . . . . . . . . . . . . . . . 3
4. Resumed 0-RTT Handshake . . . . . . . . . . . . . . . . . . . 16
5. HelloRetryRequest . . . . . . . . . . . . . . . . . . . . . . 29
6. Client Authentication . . . . . . . . . . . . . . . . . . . . 43
7. Compatibility Mode . . . . . . . . . . . . . . . . . . . . . 55
8. Security Considerations . . . . . . . . . . . . . . . . . . . 67
9. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 67
10. References . . . . . . . . . . . . . . . . . . . . . . . . . 67
10.1. Normative References . . . . . . . . . . . . . . . . . . 67
10.2. Informative References . . . . . . . . . . . . . . . . . 67
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 68
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 68
1. Introduction
TLS 1.3 [TLS13] defines a new key schedule and a number of new
cryptographic operations. This document includes sample handshakes
that show all intermediate values. This allows an implementation to
be verified incrementally, examining inputs and outputs of each
cryptographic computation independently.
A private key is included with the traces so that implementations can
be checked by importing these values and verifying that the same
outputs are produced.
Note: Invocations of HMAC-based Extract-and-Expand Key Derivation
Function (HKDF) [RFC5869] are not labeled, but they can be
identified through the use of the labels used by HKDF.
2. Private Keys
Ephemeral private keys are shown as they are generated in the traces.
The server in most examples uses an RSA certificate with a private
key of:
modulus (public): b4 bb 49 8f 82 79 30 3d 98 08 36 39 9b 36 c6 98 8c
0c 68 de 55 e1 bd b8 26 d3 90 1a 24 61 ea fd 2d e4 9a 91 d0 15 ab
bc 9a 95 13 7a ce 6c 1a f1 9e aa 6a f9 8c 7c ed 43 12 09 98 e1 87
a8 0e e0 cc b0 52 4b 1b 01 8c 3e 0b 63 26 4d 44 9a 6d 38 e2 2a 5f
da 43 08 46 74 80 30 53 0e f0 46 1c 8c a9 d9 ef bf ae 8e a6 d1 d0
3e 2b d1 93 ef f0 ab 9a 80 02 c4 74 28 a6 d3 5a 8d 88 d7 9f 7f 1e
3f
Thomson Informational [Page 2]
RFC 8448 TLS 1.3 Traces January 2019
public exponent: 01 00 01
private exponent: 04 de a7 05 d4 3a 6e a7 20 9d d8 07 21 11 a8 3c 81
e3 22 a5 92 78 b3 34 80 64 1e af 7c 0a 69 85 b8 e3 1c 44 f6 de 62
e1 b4 c2 30 9f 61 26 e7 7b 7c 41 e9 23 31 4b bf a3 88 13 05 dc 12
17 f1 6c 81 9c e5 38 e9 22 f3 69 82 8d 0e 57 19 5d 8c 84 88 46 02
07 b2 fa a7 26 bc f7 08 bb d7 db 7f 67 9f 89 34 92 fc 2a 62 2e 08
Show full document text