18.2. TLS Record Protocol

The TLS Record Protocol layers on top of a reliable connection-oriented transport, such as TCP. The Record Protocol provides data confidentiality using symmetric-key cryptography and data integrity using a keyed Message Authentication Code (MAC). The keys are generated uniquely for each session from the security parameters agreed during the TLS handshake. The Record Protocol is also used to encapsulate various upper-layer protocols – most notably the TLS Handshake Protocol – in which case it can operate without encryption or message authentication. The other protocols encapsulated in the Record Protocol are the Alert Protocol and the Change Cipher Spec Protocol.

The basic operation of the TLS Record Protocol is as follows:

  1. Read messages for transmission.

  2. Fragment messages into manageable chunks of data.

  3. Compress the data, if compression is required and enabled.

  4. Calculate a MAC.

  5. Encrypt the data.

  6. Transmit the resulting data to the peer.

At the receiving end of the TLS connection, the sender's steps are repeated in reverse order:

  1. Read received data from the peer.

  2. Decrypt the data.

  3. Verify the MAC.

  4. Decompress the data, if compression is required and enabled.

  5. Re-assemble the message fragments.

  6. Deliver the message to upper protocol layers.
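The two procedures above, sender and receiver, as an added example that is not part of the original text: a constructed, TLS 1.2-style MAC-then-encrypt record layer in Python. It fragments to the 16384-byte limit, computes an HMAC over the sequence number, header and plaintext, encrypts fragment plus MAC, and on receipt decrypts, verifies the MAC in constant time and reassembles. The keys and the HMAC-SHA256 counter keystream are assumptions made for illustration (the keystream stands in for the negotiated cipher and is not a TLS cipher suite); compression is omitted.

```python
import hashlib
import hmac
import struct

MAX_FRAG, HDR_LEN, MAC_LEN = 1 << 14, 5, 32  # TLS fragment limit, header size, HMAC-SHA256 size

class RecordState:
    """One direction of a constructed TLS 1.2-style MAC-then-encrypt record layer.
    Keys are assumptions; the HMAC-SHA256 counter keystream stands in for the
    negotiated cipher and is not a TLS cipher suite."""

    def __init__(self, mac_key, enc_key):
        self.mac_key, self.enc_key, self.seq = mac_key, enc_key, 0  # seq: one per record

    def _mac(self, ctype, frag):
        # Covers seq_num || header(type, version 3.3, plaintext length) || fragment, so replay, reordering or alteration fails.
        hdr = struct.pack("!BBBH", ctype, 3, 3, len(frag))
        return hmac.new(self.mac_key, struct.pack("!Q", self.seq) + hdr + frag, hashlib.sha256).digest()

    def _crypt(self, data):
        # XOR with a keystream bound to seq so no two records share it; the same call decrypts.
        blocks = (hmac.new(self.enc_key, struct.pack("!QQ", self.seq, i), hashlib.sha256).digest()
                  for i in range(len(data) // MAC_LEN + 1))
        return bytes(a ^ b for a, b in zip(data, b"".join(blocks)))

    def protect(self, ctype, msg):
        """Sender: fragment, MAC, encrypt, emit header || ciphertext for each record."""
        wire = b""
        for off in range(0, len(msg), MAX_FRAG):
            frag = msg[off:off + MAX_FRAG]
            body = self._crypt(frag + self._mac(ctype, frag))
            wire += struct.pack("!BBBH", ctype, 3, 3, len(body)) + body  # on the wire: ciphertext length
            self.seq += 1
        return wire

    def unprotect(self, wire):
        """Receiver: decrypt, verify the MAC in constant time, reassemble the fragments."""
        msg = b""
        while wire:
            n = int.from_bytes(wire[3:5], "big") if len(wire) >= HDR_LEN else -1
            if n < MAC_LEN or len(wire) < HDR_LEN + n:
                raise ValueError("truncated record")
            plain = self._crypt(wire[HDR_LEN:HDR_LEN + n])
            frag, tag = plain[:-MAC_LEN], plain[-MAC_LEN:]
            if not hmac.compare_digest(tag, self._mac(wire[0], frag)):
                raise ValueError("bad_record_mac")  # the alert TLS would send back
            msg, wire, self.seq = msg + frag, wire[HDR_LEN + n:], self.seq + 1
        return msg
```

Because the sequence number is an input to the MAC but never sent, a record replayed or delivered out of order fails verification at the receiver even though its bytes are untouched.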
