跳到主要内容

TLS1.3 相比 TLS1.2 有何不同

以下摘自 RFC 5246: TLS 1.2

     Client                                               Server

ClientHello -------->
ServerHello
Certificate*
ServerKeyExchange*
CertificateRequest*
<-------- ServerHelloDone
Certificate*
ClientKeyExchange
CertificateVerify*
[ChangeCipherSpec]
Finished -------->
[ChangeCipherSpec]
<-------- Finished
Application Data <-------> Application Data

Figure 1. Message flow for a full handshake

* Indicates optional or situation-dependent messages that are not
always sent.

以下摘自 RFC 8446: TLS 1.3

   Client                                           Server

Key ^ ClientHello
Exch | + key_share*
| + signature_algorithms*
| + psk_key_exchange_modes*
v + pre_shared_key* -------->
ServerHello ^ Key
+ key_share* | Exch
+ pre_shared_key* v
{EncryptedExtensions} ^ Server
{CertificateRequest*} v Params
{Certificate*} ^
{CertificateVerify*} | Auth
{Finished} v
<-------- [Application Data*]
^ {Certificate*}
Auth | {CertificateVerify*}
v {Finished} -------->
[Application Data] <-------> [Application Data]

+ Indicates noteworthy extensions sent in the
previously noted message.

* Indicates optional or situation-dependent
messages/extensions that are not always sent.

{} Indicates messages protected using keys
derived from a [sender]_handshake_traffic_secret.

[] Indicates messages protected using keys
derived from [sender]_application_traffic_secret_N.

Figure 1: Message Flow for Full TLS Handshake
  • 握手时间从以前的 2RTT 缩短到 1RTT,通过 Pre shared-key 减少了单独的 ServerKeyExchange 与 ClientKeyExchange 消耗的一个 RTT
  • 0-RTT Resumption

参考