RFC 3546 (rfc3546) - Page 2 of 29


Transport Layer Security (TLS) Extensions






RFC 3546                     TLS Extensions                    June 2003


Table of Contents

   1.  Introduction .............................................  2
   2.  General Extension Mechanisms .............................  4
       2.1. Extended Client Hello ...............................  5
       2.2. Extended Server Hello ...............................  5
       2.3. Hello Extensions ....................................  6
       2.4. Extensions to the handshake protocol ................  7
   3.  Specific Extensions ......................................  8
       3.1. Server Name Indication ..............................  8
       3.2. Maximum Fragment Length Negotiation ................. 10
       3.3. Client Certificate URLs ............................. 11
       3.4. Trusted CA Indication ............................... 14
       3.5. Truncated HMAC ...................................... 15
       3.6. Certificate Status Request........................... 16
   4. Error alerts .............................................. 18
   5. Procedure for Defining New Extensions...................... 20
   6.  Security Considerations .................................. 21
       6.1. Security of server_name ............................. 21
       6.2. Security of max_fragment_length ..................... 21
       6.3. Security of client_certificate_url .................. 22
       6.4. Security of trusted_ca_keys ......................... 23
       6.5. Security of truncated_hmac .......................... 23
       6.6. Security of status_request .......................... 24
   7.  Internationalization Considerations ...................... 24
   8.  IANA Considerations ...................................... 24
   9.  Intellectual Property Rights ............................. 26
   10. Acknowledgments .......................................... 26
   11. Normative References ..................................... 27
   12. Informative References ................................... 28
   13. Authors' Addresses ....................................... 28
   14. Full Copyright Statement ................................. 29

1. Introduction

   This document describes extensions that may be used to add
   functionality to Transport Layer Security (TLS).  It provides both
   generic extension mechanisms for the TLS handshake client and server
   hellos, and specific extensions using these generic mechanisms.

   TLS is now used in an increasing variety of operational environments
   - many of which were not envisioned when the original design criteria
   for TLS were determined.  The extensions introduced in this document
   are designed to enable TLS to operate as effectively as possible in
   new environments like wireless networks.






Blake-Wilson, et. al.       Standards Track