Transport Layer Security (tls)

Last Modified: 2006-04-17

Additional information is available at


  • Eric Rescorla <>

  • Pasi Eronen <>

    Security Area Director(s):

  • Russ Housley <>
  • Sam Hartman <>

    Security Area Advisor:

  • Russ Housley <>

    Technical Advisor(s):

  • Allison Mankin <>

    Mailing Lists:

    General Discussion:
    To Subscribe:

    Description of Working Group:

    The TLS Working Group was established in 1996 to standardize a
    'transport layer' security protocol. The working group began with SSL
    version 3.0. The TLS Working Group has completed a series of
    specifications that describe the Transport Layer Security protocol
    versions 1.0 and 1.1, extensions to the protocol, and new
    ciphersuites to be used with TLS.

    The primary goal of the WG is to publish a revision of TLS, version
    1.2, that removes the protocol's dependency on the MD5 and SHA-1 digest
    algorithms, which have been either wholly or partially compromised by
    recent research. The TLS WG will also work on new authenticated
    encryption modes for TLS, including modes based on counter mode
    encryption (CTR) and combined encryption/authentication modes, and
    may define major new cipher suites for TLS for this purpose. In the
    preparation of TLS 1.2, the WG will attempt to avoid gratuitous
    changes to TLS 1.1.

    Goals and Milestones:

    Done  Agreement on charter and issues in current draft.
    Done  Final draft for Secure Transport Layer Protocol ('STLP')
    Done  Working group 'Last Call'
    Done  Submit to IESG for consideration as a Proposed Standard.
    Done  First revised draft of TLS specification
    Done  TSL 1.1 Specification
    Done  First draft of TLS 1.2 specification, including CTR mode cipher suites
    Done  First draft of specification for cipher suites with combined encryption/authentication modes
    Dec 2006  Submit specification of TLS 1.2 specification to IESG for publication as Proposed Standard
    Dec 2006  Submit specification of cipher suites with combined encryption/authentication modes to IESG for publication, with at least one of these suites to be Proposed Standard


    Using SRP for TLS Authentication (45208 bytes)
    Using OpenPGP keys for TLS authentication (17511 bytes)
    AES Counter Mode Cipher Suites for TLS and DTLS (18658 bytes)
    The TLS Protocol Version 1.2 (243659 bytes)
    Pre-Shared Key Cipher Suites with NULL Encryption for Transport Layer Security (TLS) (9478 bytes)
    Clientside interoperability experiences for the SSL and TLS protocols (78250 bytes)

    Request For Comments:

    The TLS Protocol Version 1.0 (RFC 2246) (170401 bytes) obsoleted by RFC 4346/ updated by RFC 3546
    Addition of Kerberos Cipher Suites to Transport Layer Security (TLS) (RFC 2712) (13763 bytes)
    Upgrading to TLS Within HTTP/1.1 (RFC 2817) (27598 bytes) updates RFC 2616
    HTTP Over TLS (RFC 2818) (15170 bytes)
    AES Ciphersuites for TLS (RFC 3268) (13530 bytes)
    Transport Layer Security (TLS) Extensions (RFC 3546) (63437 bytes) updates RFC 2246
    Transport Layer Security Protocol Compression Methods (RFC 3749) (16411 bytes)
    Addition of Camellia Cipher Suites to Transport Layer Security (TLS) (RFC 4132) (13590 bytes)
    Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) (RFC 4279) (32160 bytes)
    The The Transport Layer Security (TLS) Protocol Version 1.1 (RFC 4346) (187041 bytes) obsoletes RFC 2246/ updated by RFC 4680,RFC 4681
    Transport Layer Security (TLS) Extensions (RFC 4366) (66040 bytes)
    Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) (RFC 4492) (72231 bytes)

    IETF Secretariat - Please send questions, comments, and/or suggestions to

    Return to working group directory.

    Return to IETF home page.