B.2 TLS Record Layer

B.2 TLS Record Layer

At the bottom layer of the TLS protocol is the TLS record layer. The record layer sends blocks of data, called records, between the client and the server. Each block can contain up to 16,383 bytes of data. Quoting from the original SSL specification and RFC 2246, "Client message boundaries are not preserved in the record layer." This means that if higher-level processes send multiple messages very quickly, those messages may be grouped together into a single record. Alternatively, they might be broken into many records and they will be broken if they're longer than 16,383 bytes.

Each TLS record contains the following information:

• Content type

• Protocol version number

• Length

• Data payload (optionally compressed and encrypted)

• Message Authentication Code (MAC)^[A]

  ^[A] The Content Type, Protocol Version, Length, and Data Payload are part of the TLSCompressed structure, while the MAC is part of the GenericStreamCipher or GenericBlockCipher structures. They are included together in this explanation for brevity.

Each record is compressed and encrypted according to the current compression algorithm and encryption algorithm. At the start of the connection, the compression function is defined as CompressionMethod.null and the encryption method is TLS_NULL_WITH_NULL_NULL that is, there is no compression or encryption. Both the compression and encryption algorithms can be set during the "Hello" and changed during the course of the conversation.

The MAC is calculated using the formula:

HMAC_hash( MAC_write_secret, seq_num + TLSCompressed.type + TLSCompressed.version +  TLSCompressed.length + TLSCompressed.fragment))

where:

• seq_num is the sequence number for the message.

• HMAC_hash( ) is the hashing algorithm. HMAC is a keyed MAC function that can be used with a variety of hashing algorithms. TLS is typically used with either MD5 or SHA-1.

• MAC_write_secret is a secret shared between the SSL client and server that is used to validate transmission.

• TLSCompressed.type is the type of the record.

• TLSCompressed.version is the TLS version number.

• TLSCompressed.length is the length of the data fragment.

• TLSCompressed.fragment is the data itself.

The record layer provides for data integrity. The use of the MAC prevents replay attacks within a session, because each message has a unique sequence number. And the record layer provides for compression this is important because once data is encrypted, it cannot be further compressed.