HTTP Over TLS (RFC2818)

IP.com Disclosure Number: IPCOM000003417D
Original Publication Date: 2000-May-01
Included in the Prior Art Database: 2019-Feb-10
Document File: 7 page(s) / 10K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

E. Rescorla: AUTHOR

Related Documents

10.17487/RFC2818: DOI

Abstract

This memo describes how to use Transport Layer Security (TLS) to secure Hypertext Transfer Protocol (HTTP) connections over the Internet. This memo provides information for the Internet community.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 23% of the total text.

Network Working Group                                        E. Rescorla
Request for Comments: 2818                                    RTFM, Inc.
Category: Informational                                         May 2000

HTTP Over TLS

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2000). All Rights Reserved.

Abstract

This memo describes how to use TLS to secure HTTP connections over the Internet. Current practice is to layer HTTP over SSL (the predecessor to TLS), distinguishing secured traffic from insecure traffic by the use of a different server port. This document documents that practice using TLS. A companion document describes a method for using HTTP/TLS over the same port as normal HTTP [RFC2817].

Table of Contents

1. Introduction
   1.1. Requirements Terminology
2. HTTP Over TLS
   2.1. Connection Initiation
   2.2. Connection Closure
      2.2.1. Client Behavior
      2.2.2. Server Behavior
   2.3. Port Number
   2.4. URI Format
3. Endpoint Identification
   3.1. Server Identity
   3.2. Client Identity
References
Security Considerations
Author’s Address
Full Copyright Statement

Rescorla Informational [Page 1]

RFC 2818 HTTP Over TLS May 2000

1. Introduction

HTTP [RFC2616] was originally used in the clear on the Internet. However, increased use of HTTP for sensitive applications has required security measures. SSL, and its successor TLS [RFC2246], were designed to provide channel-oriented security. This document describes how to use HTTP over TLS.

1.1. Requirements Terminology

Keywords "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT" and "MAY" that appear in this document are to be interpreted as described in [RFC2119].

2. HTTP Over TLS

Conceptually, HTTP/TLS is very simple. Simply use HTTP over TLS precisely as you would use HTTP over TCP.

2.1. Connection Initiation

The agent acting as the HTTP client should also act as the TLS client. It should initiate a connection to the server on the appropriate port and then send the TLS ClientHello to begin the TLS handshake. When the TLS handshake has finished, the client may then initiate the first HTTP request. All HTTP data MUST be sent as TLS "application data". Normal HTTP behavior, including retained connections, should be followed.
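The ordering in section 2.1 can be observed without a network, as in the following added example (not part of the RFC text). It drives Python's ssl module over in-memory buffers to show that the first bytes a client emits are a ClientHello record and that an HTTP request written before the handshake finishes never reaches the wire. The host name and both function names are assumptions made for illustration.

```python
import ssl

HOST = "www.example.com"  # placeholder name (assumption); no connection is made

def client_first_flight(host=HOST):
    """Return (first bytes the TLS client emits, bytes emitted by an early HTTP write)."""
    ctx = ssl.create_default_context()
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()  # in-memory "wire"
    tls = ctx.wrap_bio(incoming, outgoing, server_hostname=host)
    try:
        tls.do_handshake()        # no server reply is available, so it cannot finish
    except ssl.SSLWantReadError:
        pass
    hello = outgoing.read()       # what would be sent to the server first
    try:
        # Constructed request, written too early on purpose.
        tls.write(b"GET / HTTP/1.1\r\nHost: " + host.encode() + b"\r\n\r\n")
    except ssl.SSLWantReadError:
        pass                      # handshake unfinished: nothing is sent
    return hello, outgoing.read()

HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")

def classify_first_bytes(data):
    """Classify the first bytes a client sends on an HTTP/TLS port."""
    # TLS record header: type(1) version(2) length(2), then the handshake type.
    if len(data) >= 6 and data[0] == 22 and data[1] == 3 and data[5] == 1:
        return "tls-client-hello"  # record type 22 = handshake, message 1 = ClientHello
    if data.startswith(HTTP_METHODS):
        return "plaintext-http"    # HTTP sent outside TLS "application data"
    return "unknown"

if __name__ == "__main__":
    hello, early = client_first_flight()
    print(classify_first_bytes(hello), len(early))
    print(classify_first_bytes(b"GET / HTTP/1.1\r\n"))  # constructed cleartext input
```

A server or monitoring point on an HTTP/TLS port can apply the same first-bytes check to flag clients that send cleartext HTTP instead of starting a handshake.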

2.2. Connection Closure

TLS provides a facility for secure connection cl...
