Exams of IT, IT Certification, Plaintext integrity, Security of generic composition, TLS Record protocol

Limits on key usage – TLS Record Protocol Revisited
Posted by Whitney Koehler

17.6 Limits on key usage

TLS 1.3 specification defines cryptographic limits for the total amount of plaintext that can be securely encrypted using a given set of keys. Assuming that the underlying cryptographic primitives AES or ChaCha20 have no mathematical weaknesses – an assumption made by TLS 1.3 authors – up to 224.5 full-size records, that is, about 24 million records, can be securely encrypted using AES-GCM. In the case of ChaCha20/Poly1305, the TLS record sequence number would wrap before the cryptographic limit for this algorithm is reached.

17.7 An experiment with the OpenSSL s_client

We use the OpenSSL s˙client again to see the TLS record protocol at work. For this purpose, we use the OpenSSL Docker container from the previous chapter.

17.7.1 Getting started

To start the container, execute the following command:

$ docker container run –rm -it openssl310

Once the Docker container is up and running, it will give you a command-line prompt similar to the following one, where you can call the s˙client tool:

root@07c3ba265c69:/opt/openssl#

17.7.2 Retrieving a website via TLS

Our goal is to retrieve a web page from the server in order to see what the TLS records look like. To demonstrate this, we will use the website www.cr.yp.to of the American-German mathematician and cryptographer Daniel (Dan) Bernstein, the author of the x25519 elliptic curve.

HTTP uses a GET request method to retrieve a web page. The GET request specifies the path of the page to be retrieved and the HTTP version. The standard HTTP version since the late 1990s is HTTP/1.1 and we will use the root of the web page, denoted by a slash /, as the web page to be retrieved.

Since HTTP is a line-based protocol, the GET request and its parameters go into a single line:


GET / HTTP/1.1

In addition to the GET method, an HTTP request consists of one or more of so-called request header fields. In our case, we need to specify the hostname like this:


Host: cr.yp.to

The HTTP protocol specifies that the request line GET / HTTP/1.1 must be followed by a carriage return and a new line, and the request header field must be followed by two consecutive carriage returns and line feeds. To address this – because we want to use s˙client in interactive mode – we will call the tool with the -crlf option, which translates a line feed from the terminal, that is, the press of the Enter key, into the carriage return + line feed sequence.

Related Post

Leave A Comment