Transport Layer Security (TLS) Extensions

Created
2005-11-15
Last Updated
2018-08-16
Available Formats

XML

HTML

Plain text

Registries included below

TLS ExtensionType Values

Registration Procedure(s)
Specification Required
Expert(s)
Yoav Nir, Rich Salz, Nick Sullivan
Reference
[RFC8446][RFC8447]
Note
The role of the designated expert is described in [RFC8447].
The designated expert [RFC8126] ensures that the specification is
publicly available.  It is sufficient to have an Internet-Draft
(that is posted and never published as an RFC) or a document from
another standards body, industry consortium, university site, etc.
The expert may provide more in-depth reviews, but their approval
should not be taken as an endorsement of the extension.  
    
Note
As specified in [RFC8126], assignments made in the Private Use
space are not generally useful for broad interoperability.  It is
the responsibility of those making use of the Private Use range to
ensure that no conflicts occur (within the intended scope of use).
For widespread experiments, temporary reservations are available.
    
Note
If an item is not marked as "Recommended", it does not
necessarily mean that it is flawed; rather, it indicates that the
item either has not been through the IETF consensus process, has
limited applicability, or is intended only for specific use cases.
    
Available Formats

CSV
Value Extension Name TLS 1.3 Recommended Reference
0 server_name CH, EE Y [RFC6066]
1 max_fragment_length CH, EE N [RFC6066][RFC8449]
2 client_certificate_url - Y [RFC6066]
3 trusted_ca_keys - Y [RFC6066]
4 truncated_hmac - N [RFC6066]
5 status_request CH, CR, CT Y [RFC6066]
6 user_mapping - Y [RFC4681]
7 client_authz - N [RFC5878]
8 server_authz - N [RFC5878]
9 cert_type - N [RFC6091]
10 supported_groups (renamed from "elliptic_curves") CH, EE Y [RFC8422][RFC7919]
11 ec_point_formats - Y [RFC8422]
12 srp - N [RFC5054]
13 signature_algorithms CH, CR Y [RFC8446]
14 use_srtp CH, EE Y [RFC5764]
15 heartbeat CH, EE Y [RFC6520]
16 application_layer_protocol_negotiation CH, EE Y [RFC7301]
17 status_request_v2 - Y [RFC6961]
18 signed_certificate_timestamp CH, CR, CT N [RFC6962]
19 client_certificate_type CH, EE Y [RFC7250]
20 server_certificate_type CH, EE Y [RFC7250]
21 padding CH Y [RFC7685]
22 encrypt_then_mac - Y [RFC7366]
23 extended_master_secret - Y [RFC7627]
24 token_binding - Y [RFC-ietf-tokbind-negotiation-14]
25 cached_info - Y [RFC7924]
26 Unassigned
27 compress_certificate (TEMPORARY - registered 2018-05-23, expires 2019-05-23) CH, CR Y [draft-ietf-tls-certificate-compression]
28 record_size_limit CH, EE Y [RFC8449]
29 pwd_protect CH N [RFC-harkins-tls-dragonfly-03]
30 pwd_clear CH N [RFC-harkins-tls-dragonfly-03]
31 password_salt CH, SH, HRR N [RFC-harkins-tls-dragonfly-03]
32-34 Unassigned
35 session_ticket (renamed from "SessionTicket TLS") - Y [RFC5077][RFC8447]
36-40 Unassigned
41 pre_shared_key CH, SH Y [RFC8446]
42 early_data CH, EE, NST Y [RFC8446]
43 supported_versions CH, SH, HRR Y [RFC8446]
44 cookie CH, HRR Y [RFC8446]
45 psk_key_exchange_modes CH Y [RFC8446]
46 Unassigned
47 certificate_authorities CH, CR Y [RFC8446]
48 oid_filters CR Y [RFC8446]
49 post_handshake_auth CH Y [RFC8446]
50 signature_algorithms_cert CH, CR Y [RFC8446]
51 key_share CH, SH, HRR Y [RFC8446]
52-65279 Unassigned
65280 Reserved for Private Use [RFC8446]
65281 renegotiation_info - Y [RFC5746]
65282-65535 Reserved for Private Use [RFC8446]

TLS Certificate Types

Registration Procedure(s)
Specification Required
Expert(s)
Yoav Nir, Rich Salz, Nick Sullivan
Reference
[RFC6091][RFC8446][RFC8447]
Note
The role of the designated expert is described in [RFC8447].
The designated expert [RFC8126] ensures that the specification is
publicly available.  It is sufficient to have an Internet-Draft
(that is posted and never published as an RFC) or a document from
another standards body, industry consortium, university site, etc.
The expert may provide more in-depth reviews, but their approval
should not be taken as an endorsement of the certificate type.
    
Note
If an item is not marked as "Recommended", it does not
necessarily mean that it is flawed; rather, it indicates that
the item either has not been through the IETF consensus process,
has limited applicability, or is intended only for specific use
cases.
    
Available Formats

CSV
Value Extension Name Recommended Reference Comment
0 X.509 Y [RFC6091]
1 OpenPGP_RESERVED N [RFC6091][RFC8446] Used in TLS versions prior to 1.3.
2 Raw Public Key Y [RFC7250]
3-223 Unassigned
224-255 Reserved for Private Use [RFC6091]

TLS Certificate Status Types

Registration Procedure(s)
IETF Review
Reference
[RFC6961][RFC8446]
Available Formats

CSV
Value Description Reference Comment
0 Reserved [RFC6961]
1 ocsp [RFC6066][RFC6961]
2 ocsp_multi_RESERVED [RFC6961][RFC8446] Used in TLS versions prior to 1.3.
3-255 Unassigned

TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs

Registration Procedure(s)
Expert Review
Expert(s)
Yoav Nir, Rich Salz, Nick Sullivan
Reference
[RFC7301][RFC8447]
Available Formats

CSV
Protocol Identification Sequence Reference
HTTP/0.9 0x68 0x74 0x74 0x70 0x2f 0x30 0x2e 0x39 ("http/0.9") [RFC1945]
HTTP/1.0 0x68 0x74 0x74 0x70 0x2f 0x31 0x2e 0x30 ("http/1.0") [RFC1945]
HTTP/1.1 0x68 0x74 0x74 0x70 0x2f 0x31 0x2e 0x31 ("http/1.1") [RFC7230]
SPDY/1 0x73 0x70 0x64 0x79 0x2f 0x31 ("spdy/1") [http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft1]
SPDY/2 0x73 0x70 0x64 0x79 0x2f 0x32 ("spdy/2") [http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft2]
SPDY/3 0x73 0x70 0x64 0x79 0x2f 0x33 ("spdy/3") [http://dev.chromium.org/spdy/spdy-protocol/spdy-protocol-draft3]
Traversal Using Relays around NAT (TURN) 0x73 0x74 0x75 0x6E 0x2E 0x74 0x75 0x72 0x6E ("stun.turn") [RFC7443]
NAT discovery using Session Traversal Utilities for NAT (STUN) 0x73 0x74 0x75 0x6E 0x2E 0x6e 0x61 0x74 0x2d 0x64 0x69 0x73 0x63 0x6f 0x76 0x65 0x72 0x79 ("stun.nat-discovery") [RFC7443]
HTTP/2 over TLS 0x68 0x32 ("h2") [RFC7540]
HTTP/2 over TCP 0x68 0x32 0x63 ("h2c") [1][RFC7540]
WebRTC Media and Data 0x77 0x65 0x62 0x72 0x74 0x63 ("webrtc") [RFC-ietf-rtcweb-alpn-04]
Confidential WebRTC Media and Data 0x63 0x2d 0x77 0x65 0x62 0x72 0x74 0x63 ("c-webrtc") [RFC-ietf-rtcweb-alpn-04]
FTP 0x66 0x74 0x70 ("ftp") [RFC959][RFC4217]
IMAP 0x69 0x6d 0x61 0x70 ("imap") [RFC2595]
POP3 0x70 0x6f 0x70 0x33 ("pop3") [RFC2595]
ManageSieve 0x6d 0x61 0x6e 0x61 0x67 0x65 0x73 0x69 0x65 0x76 0x65 ("managesieve") [RFC5804]
CoAP 0x63 0x6f 0x61 0x70 ("coap") [RFC8323]
XMPP jabber:client namespace 0x78 0x6d 0x70 0x70 0x2d 0x63 0x6c 0x69 0x65 0x6e 0x74 ("xmpp-client") [https://xmpp.org/extensions/xep-0368.html]
XMPP jabber:server namespace 0x78 0x6d 0x70 0x70 0x2d 0x73 0x65 0x72 0x76 0x65 0x72 ("xmpp-server") [https://xmpp.org/extensions/xep-0368.html]

TLS CachedInformationType Values

Expert(s)
Yoav Nir, Rich Salz, Nick Sullivan
Reference
[RFC7924]
Available Formats

CSV
Range Registration Procedures
0-63 Standards Action
64-223 Specification Required
Value Description Reference
0 Reserved [RFC7924]
1 cert [RFC7924]
2 cert_req [RFC7924]
3-223 Unassigned
224-255 Reserved for Private Use [RFC7924]

Footnote

[1]
This entry reserves an identifier for use within a cleartext version 
of a protocol and is not allowed to appear in a TLS ALPN negotiation.