Transport Layer Security (TLS) Extensions

Created: 2005-11-15
Last Updated: 2018-06-25
Available Formats: XML
HTML
Plain text

Registries included below

ExtensionType Values
TLS Certificate Types
TLS Certificate Status Types
Application-Layer Protocol Negotiation (ALPN) Protocol IDs
TLS CachedInformationType Values

ExtensionType Values

Registration Procedure(s)

Specification Required

Expert(s)

Yoav Nir, Rich Salz, Nick Sullivan

Reference

[RFC-ietf-tls-tls13-28]

Available Formats

CSV

Value	Extension Name	TLS 1.3	Reference
0	server_name	CH, EE	[RFC6066]
1	max_fragment_length	CH, EE	[RFC6066]
2	client_certificate_url	-	[RFC6066]
3	trusted_ca_keys	-	[RFC6066]
4	truncated_hmac	-	[RFC6066]
5	status_request	CH, CR, CT	[RFC6066]
6	user_mapping	-	[RFC4681]
7	client_authz	-	[RFC5878]
8	server_authz	-	[RFC5878]
9	cert_type	-	[RFC6091]
10	supported_groups (renamed from "elliptic_curves")	CH, EE	[RFC-ietf-tls-rfc4492bis-17][RFC7919]
11	ec_point_formats	-	[RFC-ietf-tls-rfc4492bis-17]
12	srp	-	[RFC5054]
13	signature_algorithms	CH, CR	[RFC5246]
14	use_srtp	CH, EE	[RFC5764]
15	heartbeat	CH, EE	[RFC6520]
16	application_layer_protocol_negotiation	CH, EE	[RFC7301]
17	status_request_v2	-	[RFC6961]
18	signed_certificate_timestamp	CH, CR, CT	[RFC6962]
19	client_certificate_type	CH, EE	[RFC7250]
20	server_certificate_type	CH, EE	[RFC7250]
21	padding	CH	[RFC7685]
22	encrypt_then_mac	-	[RFC7366]
23	extended_master_secret	-	[RFC7627]
24	token_binding (TEMPORARY - registered 2016-02-04, extension registered 2018-01-02, expires 2019-02-04)	-	[draft-ietf-tokbind-negotiation]
25	cached_info	-	[RFC7924]
26	Unassigned
27	compress_certificate (TEMPORARY - registered 2018-05-23, expires 2019-05-23)	CH, CR	[draft-ietf-tls-certificate-compression]
28	record_size_limit	CH, EE	[RFC-ietf-tls-record-limit-03]
29-34	Unassigned
35	SessionTicket TLS	-	[RFC4507]
36-40	Unassigned
41	pre_shared_key	CH, SH	[RFC-ietf-tls-tls13-28]
42	early_data	CH, EE, NST	[RFC-ietf-tls-tls13-28]
43	supported_versions	CH, SH, HRR	[RFC-ietf-tls-tls13-28]
44	cookie	CH, HRR	[RFC-ietf-tls-tls13-28]
45	psk_key_exchange_modes	CH	[RFC-ietf-tls-tls13-28]
46	Unassigned
47	certificate_authorities	CH, CR	[RFC-ietf-tls-tls13-28]
48	oid_filters	CR	[RFC-ietf-tls-tls13-28]
49	post_handshake_auth	CH	[RFC-ietf-tls-tls13-28]
50	signature_algorithms_cert	CH, CR	[RFC-ietf-tls-tls13-28]
51	key_share	CH, SH, HRR	[RFC-ietf-tls-tls13-28]
52-65279	Unassigned
65280	Reserved for Private Use		[RFC-ietf-tls-tls13-28]
65281	renegotiation_info	-	[RFC5746]
65282-65535	Reserved for Private Use		[RFC-ietf-tls-tls13-28]

TLS Certificate Types

Reference: [RFC6091][RFC-ietf-tls-tls13-28]
Available Formats: CSV

Range	Registration Procedures
0-223	RFC Required
224-255	Reserved for Private Use

Value	Extension Name	Reference	Comment
0	X.509	[RFC6091]
1	OpenPGP_RESERVED	[RFC6091][RFC-ietf-tls-tls13-28]	Used in TLS versions prior to 1.3.
2	Raw Public Key	[RFC7250]
3-223	Unassigned
224-255	Reserved for Private Use	[RFC6091]

TLS Certificate Status Types

Registration Procedure(s)

IETF Review

Reference

[RFC6961][RFC-ietf-tls-tls13-28]

Available Formats

CSV

Value	Description	Reference	Comment
0	Reserved	[RFC6961]
1	ocsp	[RFC6066][RFC6961]
2	ocsp_multi_RESERVED	[RFC6961][RFC-ietf-tls-tls13-28]	Used in TLS versions prior to 1.3.
3-255	Unassigned

Application-Layer Protocol Negotiation (ALPN) Protocol IDs

Registration Procedure(s)

Expert Review

Expert(s)

Yoav Nir, Rich Salz, Nick Sullivan

Reference

[RFC7301]

Available Formats

CSV

Protocol	Identification Sequence	Reference
HTTP/0.9	0x68 0x74 0x74 0x70 0x2f 0x30 0x2e 0x39 ("http/0.9")	[RFC1945]
HTTP/1.0	0x68 0x74 0x74 0x70 0x2f 0x31 0x2e 0x30 ("http/1.0")	[RFC1945]
HTTP/1.1	0x68 0x74 0x74 0x70 0x2f 0x31 0x2e 0x31 ("http/1.1")	[RFC7230]
SPDY/1	0x73 0x70 0x64 0x79 0x2f 0x31 ("spdy/1")	[http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft1]
SPDY/2	0x73 0x70 0x64 0x79 0x2f 0x32 ("spdy/2")	[http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft2]
SPDY/3	0x73 0x70 0x64 0x79 0x2f 0x33 ("spdy/3")	[http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3]
Traversal Using Relays around NAT (TURN)	0x73 0x74 0x75 0x6E 0x2E 0x74 0x75 0x72 0x6E ("stun.turn")	[RFC7443]
NAT discovery using Session Traversal Utilities for NAT (STUN)	0x73 0x74 0x75 0x6E 0x2E 0x6e 0x61 0x74 0x2d 0x64 0x69 0x73 0x63 0x6f 0x76 0x65 0x72 0x79 ("stun.nat-discovery")	[RFC7443]
HTTP/2 over TLS	0x68 0x32 ("h2")	[RFC7540]
HTTP/2 over TCP	0x68 0x32 0x63 ("h2c")	[1][RFC7540]
WebRTC Media and Data	0x77 0x65 0x62 0x72 0x74 0x63 ("webrtc")	[RFC-ietf-rtcweb-alpn-04]
Confidential WebRTC Media and Data	0x63 0x2d 0x77 0x65 0x62 0x72 0x74 0x63 ("c-webrtc")	[RFC-ietf-rtcweb-alpn-04]
FTP	0x66 0x74 0x70 ("ftp")	[RFC959][RFC4217]
IMAP	0x69 0x6d 0x61 0x70 ("imap")	[RFC2595]
POP3	0x70 0x6f 0x70 0x33 ("pop3")	[RFC2595]
ManageSieve	0x6d 0x61 0x6e 0x61 0x67 0x65 0x73 0x69 0x65 0x76 0x65 ("managesieve")	[RFC5804]
CoAP	0x63 0x6f 0x61 0x70 ("coap")	[RFC8323]
XMPP jabber:client namespace	0x78 0x6d 0x70 0x70 0x2d 0x63 0x6c 0x69 0x65 0x6e 0x74 ("xmpp-client")	[https://xmpp.org/extensions/xep-0368.html]
XMPP jabber:server namespace	0x78 0x6d 0x70 0x70 0x2d 0x73 0x65 0x72 0x76 0x65 0x72 ("xmpp-server")	[https://xmpp.org/extensions/xep-0368.html]

TLS CachedInformationType Values

Expert(s)

Yoav Nir, Rich Salz, Nick Sullivan

Reference

[RFC7924]

Available Formats

CSV

Range	Registration Procedures
0-63	Standards Action
64-223	Specification Required

Value	Description	Reference
0	Reserved	[RFC7924]
1	cert	[RFC7924]
2	cert_req	[RFC7924]
3-223	Unassigned
224-255	Reserved for Private Use	[RFC7924]

Footnote

[1]	This entry reserves an identifier for use within a cleartext version of a protocol and is not allowed to appear in a TLS ALPN negotiation.