Overview#TLS 1.2 is TLS version 1.2 has a Version protocol ID of 0x0303
TLS 1.2 is the only version of TLS that is supported by Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
The major differences in TLS 1.2 include:
- The MD5/SHA-1 combination in the pseudorandom function (PRF) was replaced with cipher-suite-specified PRFs.
- The MD5/SHA-1 combination in the digitally-signed element was replaced with a single hash. Signed elements include a field explicitly specifying the hash algorithm used.
- There was substantial cleanup to the client's and server's ability to specify which hash and Digital Signature algorithms they will accept.
- Addition of support for Authenticated Encryption with Associated Data with additional data modes.
- TLS extensions definition and AES Cipher Suites were merged in.
- Tighter checking of EncryptedPreMasterSecret version numbers.
- Many of the requirements were tightened
- Verify_data length depends on the Cipher Suite
- Description of Bleichenbacher/Dlima attack defenses cleaned up.
More Information#There might be more information for this subject on one of the following:
- Best Practices OpenID Connect
- Cipher Suite
- Data In Transit
- Deprecating Secure Sockets Layer Version 3.0
- Diffie-Hellman Ephemeral
- Lucky 13
- NSA Suite B Cryptography
- OAuth 2.0 Dynamic Client Registration Management Protocol
- Prohibiting RC4 Cipher Suites
- RFC 5246
- Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
- Record Protocol
- TLS 1.3
- TLS Full Handshake
- TLS PRF
- TLS Session Resumption
- Token Binding Protocol Negotiation
- Token Binding over HTTP
- Transport Layer Security
- Web Blog_blogentry_150617_1