Internet Assigned Numbers Authority

Transport Layer Security (TLS) Extensions

Created
    2005-11-15
Last Updated
    2024-11-20

Registries included below

• TLS ExtensionType Values
• TLS Certificate Types
• TLS Certificate Status Types
• TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs
• TLS CachedInformationType Values
• TLS Certificate Compression Algorithm IDs

TLS ExtensionType Values

Registration Procedure(s)
    Specification Required
Expert(s)
    Yoav Nir, Rich Salz, Nick Sullivan
Reference
    [RFC8446][RFC8447][RFC9146]
Note
    Registration requests should be sent to the mailing list described in [RFC 8447, Section 17]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org.
Note
    The role of the designated expert is described in [RFC8447]. The designated expert [RFC8126] ensures that the specification is publicly available. It is sufficient to have an Internet-Draft (that is posted and never published as an RFC) or a document from another standards body, industry consortium, university site, etc. The expert may provide more in-depth reviews, but their approval should not be taken as an endorsement of the extension.
Note
    As specified in [RFC8126], assignments made in the Private Use space are not generally useful for broad interoperability. It is the responsibility of those making use of the Private Use range to ensure that no conflicts occur (within the intended scope of use). For widespread experiments, temporary reservations are available.
Note
    If an item is not marked as "Recommended", it does not necessarily mean that it is flawed; rather, it indicates that the item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.
Note
    The addition of the "CR" to the "TLS 1.3" column for the server_name(0) extension only marks the extension as valid in a ClientCertificateRequest created as part of client-generated authenticator requests.

Value        Extension Name                          TLS 1.3                 DTLS-Only  Recommended  Reference
0            server_name                             CH, EE, CR              N          Y            [RFC6066][RFC9261]
1            max_fragment_length                     CH, EE                  N          N            [RFC6066][RFC8449]
2            client_certificate_url                  -                       N          Y            [RFC6066]
3            trusted_ca_keys                         -                       N          Y            [RFC6066]
4            truncated_hmac                          -                       N          N            [RFC6066][IESG Action 2018-08-16]
5            status_request                          CH, CR, CT              N          Y            [RFC6066]
6            user_mapping                            -                       N          Y            [RFC4681]
7            client_authz                            -                       N          N            [RFC5878]
8            server_authz                            -                       N          N            [RFC5878]
9            cert_type                               -                       N          N            [RFC6091]
10           supported_groups (renamed from          CH, EE                  N          Y            [RFC8422][RFC7919]
             "elliptic_curves")
11           ec_point_formats                        -                       N          Y            [RFC8422]
12           srp                                     -                       N          N            [RFC5054]
13           signature_algorithms                    CH, CR                  N          Y            [RFC8446]
14           use_srtp                                CH, EE                  N          Y            [RFC5764]
15           heartbeat                               CH, EE                  N          Y            [RFC6520]
16           application_layer_protocol_negotiation  CH, EE                  N          Y            [RFC7301]
17           status_request_v2                       -                       N          Y            [RFC6961]
18           signed_certificate_timestamp            CH, CR, CT              N          N            [RFC6962]
19           client_certificate_type                 CH, EE                  N          Y            [RFC7250]
20           server_certificate_type                 CH, EE                  N          Y            [RFC7250]
21           padding                                 CH                      N          Y            [RFC7685]
22           encrypt_then_mac                        -                       N          Y            [RFC7366]
23           extended_master_secret                  -                       N          Y            [RFC7627]
24           token_binding                           -                       N          Y            [RFC8472]
25           cached_info                             -                       N          Y            [RFC7924]
26           tls_lts                                 -                       N          N            [draft-gutmann-tls-lts]
27           compress_certificate                    CH, CR                  N          Y            [RFC8879]
28           record_size_limit                       CH, EE                  N          Y            [RFC8449]
29           pwd_protect                             CH                      N          N            [RFC8492]
30           pwd_clear                               CH                      N          N            [RFC8492]
31           password_salt                           CH, SH, HRR             N          N            [RFC8492]
32           ticket_pinning                          CH, EE                  N          N            [RFC8672]
33           tls_cert_with_extern_psk                CH, SH                  N          N            [RFC8773]
34           delegated_credential                    CH, CR, CT              N          Y            [RFC9345]
35           session_ticket (renamed from            -                       N          Y            [RFC5077][RFC8447]
             "SessionTicket TLS")
36           TLMSP                                   -                       N          N            [ETSI TS 103 523-2]
37           TLMSP_proxying                          -                       N          N            [ETSI TS 103 523-2]
38           TLMSP_delegate                          -                       N          N            [ETSI TS 103 523-2]
39           supported_ekt_ciphers                   CH, EE                  N          Y            [RFC8870]
40           Reserved                                                                                [tls-reg-review mailing list]
41           pre_shared_key                          CH, SH                  N          Y            [RFC8446]
42           early_data                              CH, EE, NST             N          Y            [RFC8446]
43           supported_versions                      CH, SH, HRR             N          Y            [RFC8446]
44           cookie                                  CH, HRR                 N          Y            [RFC8446]
45           psk_key_exchange_modes                  CH                      N          Y            [RFC8446]
46           Reserved                                                                                [tls-reg-review mailing list]
47           certificate_authorities                 CH, CR                  N          Y            [RFC8446]
48           oid_filters                             CR                      N          Y            [RFC8446]
49           post_handshake_auth                     CH                      N          Y            [RFC8446]
50           signature_algorithms_cert               CH, CR                  N          Y            [RFC8446]
51           key_share                               CH, SH, HRR             N          Y            [RFC8446][RFC Errata 5483]
52           transparency_info                       CH, CR, CT              N          Y            [RFC9162]
53           connection_id (deprecated)              -                       Y          N            [RFC9146]
54           connection_id                           CH, SH                  Y          N            [RFC9146]
55           external_id_hash                        CH, EE                  N          Y            [RFC8844]
56           external_session_id                     CH, EE                  N          Y            [RFC8844]
57           quic_transport_parameters               CH, EE                  N          Y            [RFC9001]
58           ticket_request                          CH, EE                  N          Y            [RFC9149]
59           dnssec_chain                            CH, CT                  N          N            [RFC9102][RFC Errata 6860]
60           sequence_number_encryption_algorithms   CH, HRR, SH             Y          N            [draft-pismenny-tls-dtls-plaintext-sequence-number-01]
61           rrc                                     CH, SH                  Y          N            [draft-ietf-tls-dtls-rrc-10]
62           tls_flags                               CH,SH,HRR,EE,CR,CT,NST  N          N            [draft-ietf-tls-tlsflags-14]
63-2569      Unassigned
2570         Reserved                                CH, CR, NST             N          N            [RFC8701]
2571-6681    Unassigned
6682         Reserved                                CH, CR, NST             N          N            [RFC8701]
6683-10793   Unassigned
10794        Reserved                                CH, CR, NST             N          N            [RFC8701]
10795-14905  Unassigned
14906        Reserved                                CH, CR, NST             N          N            [RFC8701]
14907-19017  Unassigned
19018        Reserved                                CH, CR, NST             N          N            [RFC8701]
19019-23129  Unassigned
23130        Reserved                                CH, CR, NST             N          N            [RFC8701]
23131-27241  Unassigned
27242        Reserved                                CH, CR, NST             N          N            [RFC8701]
27243-31353  Unassigned
31354        Reserved                                CH, CR, NST             N          N            [RFC8701]
31355-35465  Unassigned
35466        Reserved                                CH, CR, NST             N          N            [RFC8701]
35467-39577  Unassigned
39578        Reserved                                CH, CR, NST             N          N            [RFC8701]
39579-43689  Unassigned
43690        Reserved                                CH, CR, NST             N          N            [RFC8701]
43691-47801  Unassigned
47802        Reserved                                CH, CR, NST             N          N            [RFC8701]
47803-51913  Unassigned
51914        Reserved                                CH, CR, NST             N          N            [RFC8701]
51915-56025  Unassigned
56026        Reserved                                CH, CR, NST             N          N            [RFC8701]
56027-60137  Unassigned
60138        Reserved                                CH, CR, NST             N          N            [RFC8701]
60139-64249  Unassigned
64250        Reserved                                CH, CR, NST             N          N            [RFC8701]
64251-64767  Unassigned
64768        ech_outer_extensions                    CH [2]                  N          N            [draft-ietf-tls-esni-17]
64769-65036  Unassigned
65037        encrypted_client_hello                  CH, HRR, EE             N          N            [draft-ietf-tls-esni-17]
65038-65279  Unassigned
65280        Reserved for Private Use                                                                [RFC8446]
65281        renegotiation_info                      -                       N          Y            [RFC5746]
65282-65535  Reserved for Private Use                                                                [RFC8446]

TLS Certificate Types

Registration Procedure(s)
    Specification Required
Expert(s)
    Yoav Nir, Rich Salz, Nick Sullivan
Reference
    [RFC6091][RFC8446][RFC8447]
Note
    Registration requests should be sent to the mailing list described in [RFC 8447, Section 17]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org.
Note
    The role of the designated expert is described in [RFC8447]. The designated expert [RFC8126] ensures that the specification is publicly available. It is sufficient to have an Internet-Draft (that is posted and never published as an RFC) or a document from another standards body, industry consortium, university site, etc. The expert may provide more in-depth reviews, but their approval should not be taken as an endorsement of the certificate type.
Note
    If an item is not marked as "Recommended", it does not necessarily mean that it is flawed; rather, it indicates that the item either has not been through the IETF consensus process, has limited applicability, or is intended only for specific use cases.

Value    Name                      Recommended  Reference                   Comment
0        X509                      Y            [RFC6091][RFC Errata 5976]  Was X.509 before TLS 1.3.
1        OpenPGP_RESERVED          N            [RFC6091][RFC8446]          Used in TLS versions prior to 1.3.
2        Raw Public Key            Y            [RFC7250]
3        1609Dot2                  N            [RFC8902]
4-223    Unassigned
224-255  Reserved for Private Use               [RFC6091]

TLS Certificate Status Types

Registration Procedure(s)
    IETF Review
Reference
    [RFC6961][RFC8446]

Value    Description           Reference             Comment
0        Reserved              [RFC6961]
1        ocsp                  [RFC6066][RFC6961]
2        ocsp_multi_RESERVED   [RFC6961][RFC8446]    Used in TLS versions prior to 1.3.
3-255    Unassigned

TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs

Registration Procedure(s)
    Expert Review
Expert(s)
    Yoav Nir, Rich Salz, Nick Sullivan
Reference
    [RFC7301][RFC8447]
Note
    Registration requests should be sent to the mailing list described in [RFC 8447, Section 17]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org.

Protocol                                            Identification Sequence   Reference
Reserved                                            0x0A 0x0A                 [RFC8701]
Reserved                                            0x1A 0x1A                 [RFC8701]
Reserved                                            0x2A 0x2A                 [RFC8701]
Reserved                                            0x3A 0x3A                 [RFC8701]
Reserved                                            0x4A 0x4A                 [RFC8701]
Reserved                                            0x5A 0x5A                 [RFC8701]
Reserved                                            0x6A 0x6A                 [RFC8701]
Reserved                                            0x7A 0x7A                 [RFC8701]
Reserved                                            0x8A 0x8A                 [RFC8701]
Reserved                                            0x9A 0x9A                 [RFC8701]
Reserved                                            0xAA 0xAA                 [RFC8701]
Reserved                                            0xBA 0xBA                 [RFC8701]
Reserved                                            0xCA 0xCA                 [RFC8701]
Reserved                                            0xDA 0xDA                 [RFC8701]
Reserved                                            0xEA 0xEA                 [RFC8701]
Reserved                                            0xFA 0xFA                 [RFC8701]
HTTP/0.9                                            0x68 0x74 0x74 0x70       [RFC1945]
                                                    0x2f 0x30 0x2e 0x39
                                                    ("http/0.9")
HTTP/1.0                                            0x68 0x74 0x74 0x70       [RFC1945]
                                                    0x2f 0x31 0x2e 0x30
                                                    ("http/1.0")
HTTP/1.1                                            0x68 0x74 0x74 0x70       [RFC9112]
                                                    0x2f 0x31 0x2e 0x31
                                                    ("http/1.1")
SPDY/1                                              0x73 0x70 0x64 0x79       [http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft1]
                                                    0x2f 0x31 ("spdy/1")
SPDY/2                                              0x73 0x70 0x64 0x79       [http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft2]
                                                    0x2f 0x32 ("spdy/2")
SPDY/3                                              0x73 0x70 0x64 0x79       [http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3]
                                                    0x2f 0x33 ("spdy/3")
Traversal Using Relays around NAT (TURN)            0x73 0x74 0x75 0x6E       [RFC7443]
                                                    0x2E 0x74 0x75 0x72
                                                    0x6E ("stun.turn")
NAT discovery using Session Traversal Utilities     0x73 0x74 0x75 0x6E       [RFC7443]
for NAT (STUN)                                      0x2E 0x6e 0x61 0x74
                                                    0x2d 0x64 0x69 0x73
                                                    0x63 0x6f 0x76 0x65
                                                    0x72 0x79
                                                    ("stun.nat-discovery")
HTTP/2 over TLS                                     0x68 0x32 ("h2")          [RFC9113]
HTTP/2 over TCP                                     0x68 0x32 0x63 ("h2c")    [1][RFC9113]
WebRTC Media and Data                               0x77 0x65 0x62 0x72       [RFC8833]
                                                    0x74 0x63 ("webrtc")
Confidential WebRTC Media and Data                  0x63 0x2d 0x77 0x65       [RFC8833]
                                                    0x62 0x72 0x74 0x63
                                                    ("c-webrtc")
FTP                                                 0x66 0x74 0x70 ("ftp")    [RFC959][RFC4217]
IMAP                                                0x69 0x6d 0x61 0x70       [RFC2595]
                                                    ("imap")
POP3                                                0x70 0x6f 0x70 0x33       [RFC2595]
                                                    ("pop3")
ManageSieve                                         0x6d 0x61 0x6e 0x61       [RFC5804]
                                                    0x67 0x65 0x73 0x69
                                                    0x65 0x76 0x65
                                                    ("managesieve")
CoAP (over TLS)                                     0x63 0x6f 0x61 0x70       [RFC8323]
                                                    ("coap")
CoAP (over DTLS)                                    0x63 0x6f ("co")          [draft-lenders-core-coap-dtls-svcb-00]
XMPP jabber:client namespace                        0x78 0x6d 0x70 0x70       [https://xmpp.org/extensions/xep-0368.html]
                                                    0x2d 0x63 0x6c 0x69
                                                    0x65 0x6e 0x74
                                                    ("xmpp-client")
XMPP jabber:server namespace                        0x78 0x6d 0x70 0x70       [https://xmpp.org/extensions/xep-0368.html]
                                                    0x2d 0x73 0x65 0x72
                                                    0x76 0x65 0x72
                                                    ("xmpp-server")
acme-tls/1                                          0x61 0x63 0x6d 0x65       [RFC8737]
                                                    0x2d 0x74 0x6c 0x73
                                                    0x2f 0x31 ("acme-tls/1")
OASIS Message Queuing Telemetry Transport (MQTT)    0x6d 0x71 0x74 0x74       [http://docs.oasis-open.org/mqtt/mqtt/v5.0/mqtt-v5.0.html]
                                                    ("mqtt")
DNS-over-TLS                                        0x64 0x6F 0x74 ("dot")    [RFC7858]
Network Time Security Key Establishment, version 1  0x6E 0x74 0x73 0x6B       [RFC8915, Section 4]
                                                    0x65 0x2F 0x31
                                                    ("ntske/1")
SunRPC                                              0x73 0x75 0x6e 0x72       [RFC9289]
                                                    0x70 0x63 ("sunrpc")
HTTP/3                                              0x68 0x33 ("h3")          [RFC9114]
SMB2                                                0x73 0x6D 0x62 ("smb")    [https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-smb2/5606ad47-5ee0-437a-817e-70c366052962]
IRC                                                 0x69 0x72 0x63 ("irc")    [RFC1459]
NNTP (reading)                                      0x6E 0x6E 0x74 0x70       [RFC3977]
                                                    ("nntp")
NNTP (transit)                                      0x6E 0x6E 0x73 0x70       [RFC3977]
                                                    ("nnsp")
DoQ                                                 0x64 0x6F 0x71 ("doq")    [RFC9250]
SIP                                                 0x73 0x69 0x70 0x2f       [RFC3261]
                                                    0x32 ("sip/2")
TDS/8.0                                             0x74 0x64 0x73 0x2f       [[MS-TDS]: Tabular Data Stream Protocol]
                                                    0x38 0x2e 0x30
                                                    ("tds/8.0")
DICOM                                               0x64 0x69 0x63 0x6f       [https://www.dicomstandard.org/current]
                                                    0x6d ("dicom")
PostgreSQL                                          0x70 0x6F 0x73 0x74       [https://www.postgresql.org/docs/current/protocol.html]
                                                    0x67 0x72 0x65 0x73
                                                    0x71 0x6C ("postgresql")
RADIUS/1.0                                          0x72 0x61 0x64 0x69       [RFC-ietf-radext-radiusv11-11]
                                                    0x75 0x73 0x2f 0x31
                                                    0x2e 0x30 ("radius/1.0")
RADIUS/1.1                                          0x72 0x61 0x64 0x69       [RFC-ietf-radext-radiusv11-11]
                                                    0x75 0x73 0x2f 0x31
                                                    0x2e 0x31 ("radius/1.1")

TLS CachedInformationType Values

Expert(s)
    Yoav Nir, Rich Salz, Nick Sullivan
Reference
    [RFC7924]
Note
    Requests for assignments from the registry's Specification Required range should be sent to the mailing list described in [RFC 8447, Section 17]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org.

Range    Registration Procedures
0-63     Standards Action
64-223   Specification Required

Value    Description               Reference
0        Reserved                  [RFC7924]
1        cert                      [RFC7924]
2        cert_req                  [RFC7924]
3-223    Unassigned
224-255  Reserved for Private Use  [RFC7924]

TLS Certificate Compression Algorithm IDs

Expert(s)
    Yoav Nir, Rich Salz, Nick Sullivan
Reference
    [RFC8879]
Note
    Requests for assignments from the registry's Specification Required range should be sent to the mailing list described in [RFC 8447, Section 17]. If approved, designated experts should notify IANA within three weeks. For assistance, please contact iana@iana.org.

Range        Registration Procedures
1-255        IETF Review
256-16383    Specification Required
16384-65535  Experimental Use

Algorithm Number  Description                    Reference
0                 Reserved                       [RFC8879]
1                 zlib                           [RFC8879]
2                 brotli                         [RFC8879]
3                 zstd                           [RFC8879]
4-16383           Unassigned
16384-65535       Reserved for Experimental Use  [RFC8879]

Footnotes

[1] This entry reserves an identifier for use within a cleartext version of a protocol and is not allowed to appear in a TLS ALPN negotiation.
[2] Only appears in inner CH.