Transport Layer Security (TLS) Extensions
Created
2005-11-15
2026-04-01
Related Registry Group(s)
Transport Layer Security (TLS) Parameters
Registries Included Below
TLS ExtensionType Values
TLS Certificate Types
TLS Certificate Status Types
TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs
TLS CachedInformationType Values
TLS Certificate Compression Algorithm IDs
TLS ExtensionType Values
Expert(s)
Yoav Nir, Rich Salz, Nick Sullivan
Reference
[RFC-ietf-tls-rfc8446bis-13][RFC8447][RFC9146][RFC-ietf-tls-tls12-frozen-08][RFC9847]
Note
If the "Specification Required" [RFC8126] procedure applies,
registration requests can be sent to iana@iana.org or submitted via
IANA's [application form], per [RFC9847]. IANA
will forward the submission to the expert mailing list described in
[RFC 8447, Section 17] and track its progress. See the registration
procedure table below for more information.
Note
The role of the designated expert is described in [RFC8447].
The designated expert [RFC8126] ensures that the specification is
publicly available. It is sufficient to have an Internet-Draft
(that is posted and never published as an RFC) or a document from
another standards body, industry consortium, university site, etc.
The expert may provide more in-depth reviews, but their approval
should not be taken as an endorsement of the extension.
Note
As specified in [RFC8126], assignments made in the Private Use
space are not generally useful for broad interoperability. It is
the responsibility of those making use of the Private Use range to
ensure that no conflicts occur (within the intended scope of use).
For widespread experiments, temporary reservations are available.
Note
If the "Recommended" column is set to "N", it does not necessarily
mean that it is flawed; rather, it indicates that the item either
has not been through the IETF consensus process, has limited
applicability, or is intended only for specific use cases. If the
"Recommended" column is set to "D," the item is discouraged and
SHOULD NOT or MUST NOT be used, depending upon the situation;
consult the item's references for clarity.
Note
Abbreviations that may appear in the "TLS 1.3" field include "CH"
(ClientHello), "SH" (ServerHello), "EE" (EncryptedExtensions), "CT"
(Certificate), "CR" (CertificateRequest), "NST" (NewSessionTicket),
and "HRR" (HelloRetryRequest).
Note
The addition of the "CR" to the "TLS 1.3" column for the
server_name(0) extension only marks the extension as valid in a
ClientCertificateRequest created as part of client-generated
authenticator requests.
Note
Any TLS entry added after the IESG approves publication of
[RFC-ietf-tls-tls12-frozen-08]
is intended for TLS 1.3 or later, and makes no similar requirement
on DTLS. Such entries should have an informal indication like "For
TLS 1.3 or later" in that entry, such as the "Comment" column.
Range
Registration Procedures
"Recommended" set to/transitioning from "Y" or "D"
Either Standards Action With Expert Review or IESG Approval
"Recommended" set to "N," not transitioning from another value
Specification Required
Value
Extension Name
TLS 1.3
DTLS-Only
Recommended
Reference
Comment
server_name
CH, EE, CR
[RFC6066][RFC9261]
max_fragment_length
CH, EE
[RFC6066][RFC8449]
client_certificate_url
RFC6066
trusted_ca_keys
RFC6066
truncated_hmac
[RFC6066][IESG Action 2018-08-16][RFC9847][Tag Size Does Matter: Attacks and Proofs for the TLS Record Protocol]
status_request
CH, CR, CT
RFC6066
user_mapping
RFC4681
client_authz
RFC5878
server_authz
RFC5878
cert_type
RFC6091
10
supported_groups (renamed from "elliptic_curves")
CH, EE
[RFC8422][RFC7919]
11
ec_point_formats
RFC8422
12
srp
RFC5054
13
signature_algorithms
CH, CR
RFC-ietf-tls-rfc8446bis-13
14
use_srtp
CH, EE
RFC5764
15
heartbeat
CH, EE
RFC6520
16
application_layer_protocol_negotiation
CH, EE
RFC7301
17
status_request_v2
RFC6961
18
signed_certificate_timestamp
CH, CR, CT
RFC6962
19
client_certificate_type
CH, EE
RFC7250
20
server_certificate_type
CH, EE
RFC7250
21
padding
CH
RFC7685
22
encrypt_then_mac
RFC7366
23
extended_main_secret
[RFC7627][RFC-ietf-tls-rfc8446bis-13]
24
token_binding
RFC8472
25
cached_info
RFC7924
26
tls_lts
draft-gutmann-tls-lts-11
27
compress_certificate
CH, CR
RFC8879
28
record_size_limit
CH, EE
RFC8449
29
pwd_protect
CH
RFC8492
30
pwd_clear
CH
RFC8492
31
password_salt
CH, SH, HRR
RFC8492
32
ticket_pinning
CH, EE
RFC8672
33
tls_cert_with_extern_psk
CH, SH
RFC-ietf-tls-8773bis-12
34
delegated_credential
CH, CR, CT
RFC9345
35
session_ticket (renamed from "SessionTicket TLS")
[RFC5077][RFC8447]
36
TLMSP
ETSI TS 103 523-2
37
TLMSP_proxying
ETSI TS 103 523-2
38
TLMSP_delegate
ETSI TS 103 523-2
39
supported_ekt_ciphers
CH, EE
RFC8870
40
Reserved
[RFC9847][tls-reg-review mailing list]
41
pre_shared_key
CH, SH
RFC-ietf-tls-rfc8446bis-13
42
early_data
CH, EE, NST
RFC-ietf-tls-rfc8446bis-13
43
supported_versions
CH, SH, HRR
RFC-ietf-tls-rfc8446bis-13
44
CH, HRR
RFC-ietf-tls-rfc8446bis-13
45
psk_key_exchange_modes
CH
RFC-ietf-tls-rfc8446bis-13
46
Reserved
[RFC9847][tls-reg-review mailing list]
47
certificate_authorities
CH, CR
RFC-ietf-tls-rfc8446bis-13
48
oid_filters
CR
RFC-ietf-tls-rfc8446bis-13
49
post_handshake_auth
CH
RFC-ietf-tls-rfc8446bis-13
50
signature_algorithms_cert
CH, CR
RFC-ietf-tls-rfc8446bis-13
51
key_share
CH, SH, HRR
[RFC-ietf-tls-rfc8446bis-13][RFC Errata 5483]
52
transparency_info
CH, CR, CT
RFC9162
53
connection_id (deprecated)
[RFC9146][RFC9847]
54
connection_id
CH, SH
RFC9146
55
external_id_hash
CH, EE
RFC8844
56
external_session_id
CH, EE
RFC8844
57
quic_transport_parameters
CH, EE
RFC9001
58
ticket_request
CH, EE
RFC9149
59
dnssec_chain
CH, CT
[RFC9102][RFC Errata 6860]
60
sequence_number_encryption_algorithms
CH, HRR, SH
draft-pismenny-tls-dtls-plaintext-sequence-number-01
61
rrc
CH, SH
RFC9853
62
tls_flags
CH,SH,HRR,EE,CR,CT,NST
draft-ietf-tls-tlsflags-14
63-2569
Unassigned
2570
Reserved
CH, CR, NST
RFC8701
2571-6681
Unassigned
6682
Reserved
CH, CR, NST
RFC8701
6683-10793
Unassigned
10794
Reserved
CH, CR, NST
RFC8701
10795-14905
Unassigned
14906
Reserved
CH, CR, NST
RFC8701
14907-19017
Unassigned
19018
Reserved
CH, CR, NST
RFC8701
19019-23129
Unassigned
23130
Reserved
CH, CR, NST
RFC8701
23131-27241
Unassigned
27242
Reserved
CH, CR, NST
RFC8701
27243-31353
Unassigned
31354
Reserved
CH, CR, NST
RFC8701
31355-35465
Unassigned
35466
Reserved
CH, CR, NST
RFC8701
35467-39577
Unassigned
39578
Reserved
CH, CR, NST
RFC8701
39579-43689
Unassigned
43690
Reserved
CH, CR, NST
RFC8701
43691-47801
Unassigned
47802
Reserved
CH, CR, NST
RFC8701
47803-51913
Unassigned
51914
Reserved
CH, CR, NST
RFC8701
51915-56025
Unassigned
56026
Reserved
CH, CR, NST
RFC8701
56027-60137
Unassigned
60138
Reserved
CH, CR, NST
RFC8701
60139-64249
Unassigned
64250
Reserved
CH, CR, NST
RFC8701
64251-64767
Unassigned
64768
ech_outer_extensions
CH
RFC9849
Only appears in inner CH.
64769-65036
Unassigned
65037
encrypted_client_hello
CH, HRR, EE
RFC9849
65038-65279
Unassigned
65280
Reserved for Private Use
RFC-ietf-tls-rfc8446bis-13
65281
renegotiation_info
RFC5746
65282-65535
Reserved for Private Use
RFC-ietf-tls-rfc8446bis-13
TLS Certificate Types
Expert(s)
Yoav Nir, Rich Salz, Nick Sullivan
Reference
[RFC6091][RFC-ietf-tls-rfc8446bis-13][RFC8447][RFC-ietf-tls-tls12-frozen-08][RFC9847]
Note
If the "Specification Required" [RFC8126] procedure applies,
registration requests can be sent to iana@iana.org or submitted via
IANA's [application form], per [RFC9847]. IANA
will forward the submission to the expert mailing list described in
[RFC 8447, Section 17] and track its progress. See the registration
procedure table below for more information.
Note
The role of the designated expert is described in [RFC8447].
The designated expert [RFC8126] ensures that the specification is
publicly available. It is sufficient to have an Internet-Draft
(that is posted and never published as an RFC) or a document from
another standards body, industry consortium, university site, etc.
The expert may provide more in-depth reviews, but their approval
should not be taken as an endorsement of the certificate type.
Note
If the "Recommended" column is set to "N", it does not necessarily
mean that it is flawed; rather, it indicates that the item either
has not been through the IETF consensus process, has limited
applicability, or is intended only for specific use cases. If the
"Recommended" column is set to "D," the item is discouraged and
SHOULD NOT or MUST NOT be used, depending upon the situation;
consult the item's references for clarity.
Note
Any TLS entry added after the IESG approves publication of
[RFC-ietf-tls-tls12-frozen-08]
is intended for TLS 1.3 or later, and makes no similar requirement
on DTLS. Such entries should have an informal indication like "For
TLS 1.3 or later" in that entry, such as the "Comment" column.
Range
Registration Procedures
"Recommended" set to/transitioning from "Y" or "D"
Either Standards Action With Expert Review or IESG Approval
"Recommended" set to "N," not transitioning from another value
Specification Required
Value
Name
Recommended
Reference
Comment
X509
[RFC6091][RFC Errata 5976]
Was X.509 before TLS 1.3.
OpenPGP_RESERVED
[RFC6091][RFC-ietf-tls-rfc8446bis-13]
Used in TLS versions prior to 1.3.
Raw Public Key
RFC7250
1609Dot2
RFC8902
4-223
Unassigned
224-255
Reserved for Private Use
RFC6091
TLS Certificate Status Types
Registration Procedure(s)
IETF Review
Reference
[RFC6961][RFC-ietf-tls-rfc8446bis-13][RFC-ietf-tls-tls12-frozen-08][RFC9847]
Note
Any TLS entry added after the IESG approves publication of
[RFC-ietf-tls-tls12-frozen-08]
is intended for TLS 1.3 or later, and makes no similar requirement
on DTLS. Such entries should have an informal indication like "For
TLS 1.3 or later" in that entry, such as the "Comment" column.
Value
Description
Reference
Comment
Reserved
RFC6961
ocsp
[RFC6066][RFC6961]
ocsp_multi_RESERVED
[RFC6961][RFC-ietf-tls-rfc8446bis-13]
Used in TLS versions prior to 1.3.
3-255
Unassigned
TLS Application-Layer Protocol Negotiation (ALPN) Protocol IDs
Registration Procedure(s)
Expert Review
Expert(s)
Yoav Nir, Rich Salz, Nick Sullivan
Reference
[RFC7301][RFC8447][RFC9847]
Note
Registration requests should be sent to iana@iana.org or submitted
via IANA's [application form], per [RFC9847].
IANA will forward the request to the expert mailing list described in
[RFC 8447, Section 17] and track its progress.
Note
When this registry has an HTTP-specific version added or modified,
the YANG module [iana-http-versions] must be updated as defined
in [RFC-ietf-netconf-http-client-server-31].
Protocol
Identification Sequence
Reference
Comment
Reserved
0x0A 0x0A
RFC8701
Reserved
0x1A 0x1A
RFC8701
Reserved
0x2A 0x2A
RFC8701
Reserved
0x3A 0x3A
RFC8701
Reserved
0x4A 0x4A
RFC8701
Reserved
0x5A 0x5A
RFC8701
Reserved
0x6A 0x6A
RFC8701
Reserved
0x7A 0x7A
RFC8701
Reserved
0x8A 0x8A
RFC8701
Reserved
0x9A 0x9A
RFC8701
Reserved
0xAA 0xAA
RFC8701
Reserved
0xBA 0xBA
RFC8701
Reserved
0xCA 0xCA
RFC8701
Reserved
0xDA 0xDA
RFC8701
Reserved
0xEA 0xEA
RFC8701
Reserved
0xFA 0xFA
RFC8701
HTTP/0.9
0x68 0x74 0x74 0x70 0x2f 0x30 0x2e 0x39 ("http/0.9")
RFC1945
HTTP/1.0
0x68 0x74 0x74 0x70 0x2f 0x31 0x2e 0x30 ("http/1.0")
RFC1945
HTTP/1.1
0x68 0x74 0x74 0x70 0x2f 0x31 0x2e 0x31 ("http/1.1")
RFC9112
SPDY/1
0x73 0x70 0x64 0x79 0x2f 0x31 ("spdy/1")
SPDY/2
0x73 0x70 0x64 0x79 0x2f 0x32 ("spdy/2")
SPDY/3
0x73 0x70 0x64 0x79 0x2f 0x33 ("spdy/3")
Traversal Using Relays around NAT (TURN)
0x73 0x74 0x75 0x6E 0x2E 0x74 0x75 0x72 0x6E ("stun.turn")
RFC7443
NAT discovery using Session Traversal Utilities for NAT (STUN)
0x73 0x74 0x75 0x6E 0x2E 0x6e 0x61 0x74 0x2d 0x64 0x69 0x73 0x63 0x6f 0x76 0x65 0x72 0x79 ("stun.nat-discovery")
RFC7443
HTTP/2 over TLS
0x68 0x32 ("h2")
RFC9113
HTTP/2 over TCP
0x68 0x32 0x63 ("h2c")
RFC9113
This entry reserves an identifier for use within a cleartext version
of a protocol and is not allowed to appear in a TLS ALPN negotiation.
WebRTC Media and Data
0x77 0x65 0x62 0x72 0x74 0x63 ("webrtc")
RFC8833
Confidential WebRTC Media and Data
0x63 0x2d 0x77 0x65 0x62 0x72 0x74 0x63 ("c-webrtc")
RFC8833
FTP
0x66 0x74 0x70 ("ftp")
[RFC959][RFC4217]
IMAP
0x69 0x6d 0x61 0x70 ("imap")
RFC2595
POP3
0x70 0x6f 0x70 0x33 ("pop3")
RFC2595
ManageSieve
0x6d 0x61 0x6e 0x61 0x67 0x65 0x73 0x69 0x65 0x76 0x65 ("managesieve")
RFC5804
CoAP (over TLS)
0x63 0x6f 0x61 0x70 ("coap")
RFC8323
CoAP (over DTLS)
0x63 0x6f ("co")
[RFC7252][RFC9952]
XMPP jabber:client namespace
0x78 0x6d 0x70 0x70 0x2d 0x63 0x6c 0x69 0x65 0x6e 0x74 ("xmpp-client")
XMPP jabber:server namespace
0x78 0x6d 0x70 0x70 0x2d 0x73 0x65 0x72 0x76 0x65 0x72 ("xmpp-server")
acme-tls/1
0x61 0x63 0x6d 0x65 0x2d 0x74 0x6c 0x73 0x2f 0x31 ("acme-tls/1")
RFC8737
OASIS Message Queuing Telemetry Transport (MQTT)
0x6d 0x71 0x74 0x74 ("mqtt")
DNS-over-TLS
0x64 0x6F 0x74 ("dot")
RFC7858
Network Time Security Key Establishment, version 1
0x6E 0x74 0x73 0x6B 0x65 0x2F 0x31 ("ntske/1")
RFC8915, Section 4
SunRPC
0x73 0x75 0x6e 0x72 0x70 0x63 ("sunrpc")
RFC9289
HTTP/3
0x68 0x33 ("h3")
RFC9114
SMB2
0x73 0x6D 0x62 ("smb")
IRC
0x69 0x72 0x63 ("irc")
RFC1459
NNTP (reading)
0x6E 0x6E 0x74 0x70 ("nntp")
RFC3977
NNTP (transit)
0x6E 0x6E 0x73 0x70 ("nnsp")
RFC3977
DoQ
0x64 0x6F 0x71 ("doq")
RFC9250
SIP
0x73 0x69 0x70 0x2f 0x32 ("sip/2")
RFC3261
TDS/8.0
0x74 0x64 0x73 0x2f 0x38 0x2e 0x30 ("tds/8.0")
[MS-TDS]: Tabular Data Stream Protocol
DICOM
0x64 0x69 0x63 0x6f 0x6d ("dicom")
PostgreSQL
0x70 0x6F 0x73 0x74 0x67 0x72 0x65 0x73 0x71 0x6C ("postgresql")
RADIUS/1.0
0x72 0x61 0x64 0x69 0x75 0x73 0x2f 0x31 0x2e 0x30 ("radius/1.0")
RFC9765
RADIUS/1.1
0x72 0x61 0x64 0x69 0x75 0x73 0x2f 0x31 0x2e 0x31 ("radius/1.1")
RFC9765
NetPerfMeter Protocol Control Channel (NPMP-CONTROL)
0x6e 0x65 0x74 0x70 0x65 0x72 0x66 0x6d 0x65 0x74 0x65 0x72 0x2f 0x63 0x6f 0x6e 0x74 0x72 0x6f 0x6c 0x0a ("netperfmeter/control")
NetPerfMeter Protocol Data Channel (NPMP-DATA)
0x6e 0x65 0x74 0x70 0x65 0x72 0x66 0x6d 0x65 0x74 0x65 0x72 0x2f 0x64 0x61 0x74 0x61 0x0a ("netperfmeter/data")
TLS CachedInformationType Values
Expert(s)
Yoav Nir, Rich Salz, Nick Sullivan
Reference
[RFC7924][RFC-ietf-tls-tls12-frozen-08][RFC9847]
Note
Requests for registration in the "Specification Required" [RFC8126]
range should be sent to iana@iana.org or submitted via IANA's
[application form], per [RFC9847]. IANA will
forward the request to the expert mailing list described in
[RFC 8447, Section 17] and track its progress. See the registration
procedure table below for more information.
Note
Any TLS entry added after the IESG approves publication of
[RFC-ietf-tls-tls12-frozen-08]
is intended for TLS 1.3 or later, and makes no similar requirement
on DTLS. Such entries should have an informal indication like "For
TLS 1.3 or later" in that entry, such as the "Comment" column.
Range
Registration Procedures
0-63
Standards Action
64-223
Specification Required
Value
Description
Reference
Comment
Reserved
RFC7924
cert
RFC7924
cert_req
RFC7924
3-223
Unassigned
224-255
Reserved for Private Use
RFC7924
TLS Certificate Compression Algorithm IDs
Expert(s)
Yoav Nir, Rich Salz, Nick Sullivan
Reference
[RFC8879][RFC-ietf-tls-tls12-frozen-08][RFC9847]
Note
Requests for registration in the "Specification Required" [RFC8126]
range should be sent to iana@iana.org or submitted via IANA's
[application form], per [RFC9847]. IANA will
forward the request to the expert mailing list described in
[RFC 8447, Section 17] and track its progress. See the registration
procedure table below for more information.
Note
Any TLS entry added after the IESG approves publication of
[RFC-ietf-tls-tls12-frozen-08]
is intended for TLS 1.3 or later, and makes no similar requirement
on DTLS. Such entries should have an informal indication like "For
TLS 1.3 or later" in that entry, such as the "Comment" column.
Range
Registration Procedures
1-255
IETF Review
256-16383
Specification Required
16384-65535
Experimental Use
Algorithm Number
Description
Reference
Comment
Reserved
RFC8879
zlib
RFC8879
brotli
RFC8879
zstd
RFC8879
4-16383
Unassigned
16384-65535
Reserved for Experimental Use
RFC8879