TLS 1.2 Finished message
E37197
The TLS 1.2 Finished message is the protocol’s final handshake message that proves both parties share the same session keys and that the preceding handshake messages have not been tampered with.
Statements (47)
| Predicate | Object |
|---|---|
| instanceOf | TLS handshake message; cryptographic protocol message |
| computedUsing | TLS 1.2 PRF |
| containsField | verify_data |
| definedIn | RFC 5246 |
| dependsOn | handshake transcript; master secret derivation; negotiated cipher suite |
| direction | client sends Finished to server; server sends Finished to client |
| ensuresProperty | binding of session keys to the handshake; handshake integrity; key confirmation |
| hasPurpose | to prove both parties share the same session keys; to verify integrity of preceding handshake messages |
| hasRole | final handshake message |
| hasSecurityGoal | mutual assurance of handshake consistency |
| isBoundTo | negotiated security parameters; specific TLS session |
| isCriticalFor | detecting handshake transcript truncation |
| isDifferentFrom | TLS 1.3 Finished message |
| isEncryptedUnder | record layer protection |
| isEncryptedWith | newly negotiated session keys |
| isFirstMessageProtectedBy | negotiated cipher suite |
| isOpaqueTo | network intermediaries due to encryption |
| isPrecededBy | server Finished when client is resuming with abbreviated handshake in some flows |
| isRequiredFor | successful TLS 1.2 session establishment |
| isSpecifiedAs | Finished(handshake_messages) = PRF(master_secret, finished_label, Hash(handshake_messages)) |
| messageTypeCode | 20 in TLS 1.2 handshake protocol |
| occursAfter | ChangeCipherSpec message |
| occursBefore | application data exchange |
| partOf | TLS 1.2 handshake protocol |
| prevents | certain man-in-the-middle attacks on the handshake; undetected tampering with handshake messages |
| PRFInput | hash of all previous handshake messages; master secret |
| PRFLabel | "client finished" for client Finished; "server finished" for server Finished |
| protocolVersion | TLS 1.2 |
| sentBy | TLS client; TLS server |
| usesHashAlgorithm | negotiated PRF hash (e.g., SHA-256) |
| verifies | that no handshake messages were added; that no handshake messages were modified; that no handshake messages were omitted |
| verify_dataLength | 12 bytes for non-export cipher suites; variable length depending on PRF hash for some configurations |