

This chapter contains a functional description of Azure RTOS NetX Secure TLS. There are two primary types of program execution in a NetX Secure TLS application: initialization and application interface calls. NetX Secure assumes the existence of ThreadX and NetX/NetXDuo. From ThreadX, it requires thread execution, suspension, periodic timers, and mutual exclusion facilities. From NetX/NetXDuo it requires the TCP/IP networking facilities and drivers.

Transport Layer Security (TLS) and Secure Sockets Layer (SSL)

The secure network protocol component of NetX Secure is an implementation of the Transport Layer Security (TLS) protocol as described in RFCs 2246 (version 1.0), 4346 (version 1.1), 5246 (version 1.2) and 8446 (version 1.3). Also included are support routines for basic X.509 (RFC 5280). NetX Secure TLS supports TLS versions 1.2 and 1.3. Implementations are provided for the now-deprecated TLS 1.0 and TLS 1.1, but they must be explicitly initialized and are not recommended for use in new products.

Secure Sockets Layer (SSL) was the original name of TLS before it became a standard in RFC 2246, and "SSL" is often used as a generic name for the TLS protocols. The last version of SSL was 3.0, and TLS 1.0 is sometimes referred to as SSL version 3.1. All versions of the official "SSL" protocol are considered obsolete and insecure, and currently NetX Secure does not provide an SSL implementation.

TLS specifies a protocol to generate session keys, which are created during the TLS handshake between a TLS client and server; those keys are used to encrypt data sent by the application during the TLS session. TLS data is divided into records, which are equivalent in concept to a TCP packet. Every TLS record has a header, and TLS encrypted records also have a footer (checksum hash). TLS handshake records have an additional header encapsulated within the larger TLS record. The TLS record is encapsulated by the transport layer network protocol in the same manner that a TCP packet is encapsulated by an IP packet.

In August 2018, the TLS 1.3 specification was finalized. The new version of the protocol is a fairly significant update that changes some fundamental aspects of the underlying security and performance of TLS. However, these changes are largely invisible to the typical TLS user since they apply primarily to the TLS handshake state machine and session key generation. A number of optional features and extensions were added as well. The following is a summary of the changes and how they impact TLS functionality.
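The record framing described above (a header on every record, plus a second header nested inside handshake records) can be seen in a small bounds-checked parser. This is an added example, not code from NetX Secure or the original page: the type and function names are hypothetical, the field layout is the one defined in RFC 5246, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative names only; these are not NetX Secure types or APIs. */
typedef struct {
    uint8_t  content_type;  /* 20 change_cipher_spec, 21 alert, 22 handshake, 23 app data */
    uint16_t version;       /* record-layer version field, e.g. 0x0303 */
    uint16_t length;        /* payload bytes that follow the 5-byte record header */
    int      has_handshake; /* 1 when the nested handshake header was read */
    uint8_t  hs_type;       /* handshake message type, e.g. 1 = ClientHello */
    uint32_t hs_length;     /* 24-bit handshake body length */
} tls_record_info;

enum { REC_OK = 0, REC_TRUNCATED = -1, REC_BAD_LENGTH = -2 };
#define REC_HDR 5u
#define HS_HDR  4u
#define REC_MAX (16384u + 2048u) /* largest TLS 1.2 ciphertext payload (RFC 5246) */

/* Constructed sample: plaintext handshake record carrying a 4-byte placeholder body. */
const uint8_t sample_record[] = { 22, 0x03, 0x01, 0x00, 0x08,  /* record header */
                                  1, 0x00, 0x00, 0x04,         /* handshake header */
                                  0x03, 0x03, 0x00, 0x00 };    /* body */

int tls_parse_record(const uint8_t *buf, size_t len, tls_record_info *out)
{
    if (len < REC_HDR) return REC_TRUNCATED;
    out->content_type = buf[0];
    out->version = (uint16_t)((buf[1] << 8) | buf[2]);
    out->length  = (uint16_t)((buf[3] << 8) | buf[4]);
    out->has_handshake = 0; out->hs_type = 0; out->hs_length = 0;
    if (out->length > REC_MAX) return REC_BAD_LENGTH;      /* reject before buffering */
    if (len - REC_HDR < out->length) return REC_TRUNCATED; /* need more bytes */
    /* Valid only for plaintext records that start on a message boundary; once
       records are encrypted the nested header is ciphertext. */
    if (out->content_type == 22 && out->length >= HS_HDR) {
        const uint8_t *hs = buf + REC_HDR;
        out->hs_type = hs[0];
        out->hs_length = ((uint32_t)hs[1] << 16) | ((uint32_t)hs[2] << 8) | hs[3];
        out->has_handshake = 1;
    }
    return REC_OK;
}

int main(void)
{
    tls_record_info r;
    int rc = tls_parse_record(sample_record, sizeof sample_record, &r);
    printf("rc=%d type=%u len=%u hs_type=%u\n", rc, r.content_type, r.length, r.hs_type);
    return rc == REC_OK ? 0 : 1;
}
```

The length field is attacker-controlled, so it is checked against the protocol maximum and against the bytes actually received before anything past the header is read.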
