Transport Layer Security (TLS) Renegotiation Indication Extension (TLS Renegotiation) defines a new TLS extension, "renegotiation_info" (with extension type 0xff01), which contains a cryptographic binding to the enclosing TLS connection (if any) for which the renegotiation is being performed and is defined in RFC 5746.

The "extension data" field of this extension contains a "RenegotiationInfo" structure:

struct {
    opaque renegotiated_connection<0..255>;
} RenegotiationInfo;

The contents of this extension are specified as follows.

If this is the initial handshake for a connection, then the "renegotiated_connection" field is of zero length in both the ClientHello and the ServerHello. Thus, the entire encoding of the extension is ff 01 00 01 00. The first two octets represent the extension type, the third and fourth octets the length of the extension itself, and the final octet the zero length byte for the "renegotiated_connection" field.

For ClientHellos that are renegotiating, this field contains the "client_verify_data" specified in Section 3.1.

For ServerHellos that are renegotiating, this field contains the concatenation of client_verify_data and server_verify_data.

For current versions of TLS, this will be a 24-byte value (for SSLv3, it will be a 72-byte value).

This extension also can be used with Datagram Transport Layer Security (DTLS) RFC 4347.

More Information#

There might be more information for this subject on one of the following:

Add new attachment

Only authorized users are allowed to upload new attachments.
« This page (revision-3) was last changed on 02-Mar-2017 14:35 by jim