3.3 The TLS record protocol
The record protocol is the secure communications provider. Its purpose is to encrypt, authenticate and —optionally— compress packets.
The record layer functions can be called at any time after the handshake process is finished, whenever there is a need to receive or send data. In DTLS, however, because of the re-transmission timers used in the handshake, out-of-order handshake data might still be received for some time (at most 60 seconds) after the handshake process is finished. For this reason programs using DTLS should call gnutls_record_recv or gnutls_record_recv_seq for every packet received from the peer, even if no application data is expected.
As you may have already noticed, the functions that access the record protocol are quite limited, given the importance of this protocol in TLS. This is because the record protocol's parameters are all set by the handshake protocol.
The record protocol initially starts with NULL parameters, which means no encryption, and no MAC is used. Encryption and authentication begin just after the handshake protocol has finished.
3.3.1 Encryption algorithms used in the record layer
3.3.2 Compression algorithms used in the record layer
3.3.3 Weaknesses and countermeasures
3.3.4 On record padding
