HTTP Over TLS (RFC2818)

IP.com Disclosure Number: IPCOM000003417D
Original Publication Date: 2000-May-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 6 page(s) / 14K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

E. Rescorla: AUTHOR

Abstract

This memo describes how to use TLS to secure HTTP connections over the Internet. Current practice is to layer HTTP over SSL (the predecessor to TLS), distinguishing secured traffic from insecure traffic by the use of a different server port. This document documents that practice using TLS. A companion document describes a method for using HTTP/TLS over the same port as normal HTTP [RFC2817].

This text was extracted from an ASCII Text document.
This is the abbreviated version, containing approximately 21% of the total text.

Network Working Group E. Rescorla

Request for Comments: 2818 RTFM, Inc.

Category: Informational May 2000

HTTP Over TLS

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Table of Contents

1. Introduction
1.1. Requirements Terminology
2. HTTP Over TLS
2.1. Connection Initiation
2.2. Connection Closure
2.2.1. Client Behavior
2.2.2. Server Behavior
2.3. Port Number
2.4. URI Format
3. Endpoint Identification
3.1. Server Identity
3.2. Client Identity
References
Security Considerations
Author's Address
Full Copyright Statement

1. Introduction

HTTP [RFC2616] was originally used in the clear on the Internet. However, increased use of HTTP for sensitive applications has required security measures. SSL, and its successor TLS [RFC2246] were designed to provide channel-oriented security. This document describes how to use HTTP over TLS.

1.1. Requirements Terminology

Keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT" and "MAY" that appear in this document are to be interpreted as described in [RFC2119].

2. HTTP Over TLS

Conceptually, HTTP/TLS is very simple. Simply use HTTP over TLS precisely as you would use HTTP over TCP.

2.1. Connection Initiation

The agent acting as the HTTP client should also act as the TLS client. It should initiate a connection to the server on the appropriate port and then send the TLS ClientHello to begin the TLS handshake. When the TLS handshake has finished, the client may then initiate the first HTTP request. All HTTP data MUST be sent as TLS "app...
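
The ordering described in section 2.1, as an added Python example that is not part of RFC 2818: it starts a client handshake in memory with the standard ssl module, checks that the first bytes emitted form a ClientHello record, and confirms that an HTTP request written before the handshake has finished does not reach the wire. The hostname www.example.com and all function names are assumptions made for illustration.

```python
import ssl

HANDSHAKE = 0x16     # TLS record content type: handshake
CLIENT_HELLO = 0x01  # handshake message type: ClientHello

def start_client(hostname="www.example.com"):  # hostname is an assumed placeholder
    """Begin a client handshake against in-memory BIOs (no network needed)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=hostname)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # ClientHello is queued; the client now waits for the server
    return tls, outgoing

def parse_record_header(data):
    """Decode the 5-byte TLS record header plus the first handshake byte."""
    if len(data) < 6:
        raise ValueError("need at least 6 bytes")
    is_handshake = data[0] == HANDSHAKE
    return {
        "content_type": data[0],
        "version": (data[1], data[2]),
        "length": int.from_bytes(data[3:5], "big"),
        "handshake_type": data[5] if is_handshake else None,
    }

def early_request_check(request=b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"):
    """Write HTTP before the handshake is done; report (accepted, seen_in_clear)."""
    tls, outgoing = start_client()
    wire = outgoing.read()          # first flight: the ClientHello
    try:
        tls.write(request)          # constructed sample request
        accepted = True
    except ssl.SSLWantReadError:
        accepted = False            # TLS layer still needs the server's reply
    wire += outgoing.read()         # anything emitted by the write attempt
    return accepted, request in wire

if __name__ == "__main__":
    _, out = start_client()
    print(parse_record_header(out.read()))
    print(early_request_check())
```

The same header check can be applied to the first bytes of a captured connection to confirm that a client opens with a TLS handshake rather than cleartext HTTP.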