Search RFCs
RFC 5746
Transport Layer Security (TLS) Renegotiation Indication Extension,February 2010
- File formats:
- Status:
- PROPOSED STANDARD
- Updates:
- RFC 5246,RFC 4366,RFC 4347,RFC 4346,RFC 2246
- Authors:
- E. Rescorla
M. Ray
S. Dispensa
N. Oskov - Stream:
- IETF
- Source:
- tls (sec)
Cite this RFC:TXT | XML | BibTeX
DOI: https://doi.org/10.17487/RFC5746
Discuss this RFC: Send questions or comments to the mailing listtls@ietf.org
Other actions:Submit Errata | Find IPR Disclosures from the IETF | View History of RFC 5746
Abstract
Secure Socket Layer (SSL) and Transport Layer Security (TLS)renegotiation are vulnerable to an attack in which the attacker formsa TLS connection with the target server, injects content of hischoice, and then splices in a new TLS connection from a client. Theserver treats the client's initial TLS handshake as a renegotiationand thus believes that the initial data transmitted by the attacker isfrom the same entity as the subsequent client data. Thisspecification defines a TLS extension to cryptographically tierenegotiations to the TLS connections they are being performed over,thus preventing this attack. [STANDARDS-TRACK]
For the definition ofStatus,seeRFC 2026.
For the definition ofStream, seeRFC 8729.