Contact Us
The TLS Record protocol of the vulnerable TLS versions uses a MAC-Encode-Encrypt (MEE) construction. As shown in Figure 21.1, sender Bob first computes the MAC tag using the actual payload to be transmitted and certain header bytes as input to the MAC algorithm. All MAC algorithms in TLS 1.1 and 1.2 are HMAC based, with MD5, SHA-1, and SHA-256 being the available hash functions. The header consists of an 8-byte sequence number SQN, which Bob increments with each transmitted TLS record, and a 5-byte field HDR, which holds a 2-byte version field, a 1-byte type field, and a 2-byte length field.