TLS Record Protocol (Encryption, Padding, Sequencing)

#The Heavy Lifter: Transporting the Payload#link

While the Handshake Protocol handles the 'negotiation', the Record Protocol handles the actual data movement. It takes the application data, fragments it, compresses it (rarely now), adds a MAC for integrity, and encrypts it.

Framing and Fragmentation

TLS does not send a continuous stream of bytes; it sends 'Records'. Each record has a header containing the content type (e.g., Handshake, Alert, or Application Data), a version number, and the length of the payload. This allows the receiver to know exactly how many bytes to read before attempting decryption.

{
  "record_header": {
    "content_type": "Application Data (23)",
    "version": "TLS 1.2 (0x0303)",
    "length": "1024 bytes"
  },
  "encrypted_payload": "... [AES-GCM Ciphertext] ...",
  "auth_tag": "... [GCM Tag for Integrity] ..."
}

The structure above ensures that if a single byte of the encrypted payload is changed, the `auth_tag` (MAC) will fail to validate, and the connection will be terminated with a 'Bad Record MAC' alert.

The Danger of Padding: MAC-then-Encrypt vs. Encrypt-then-MAC

In older versions of TLS, the protocol used 'MAC-then-Encrypt'. It calculated the MAC, appended it to the data, added padding to fit the block size, and then encrypted everything. This created a 'Padding Oracle'—if the server's error message differed when padding was wrong versus when the MAC was wrong, attackers could guess the plaintext.

Sequencing and Anti-Replay

To prevent an attacker from capturing a valid record and re-inserting it later in the stream (a 'Replay' or 'Reordering' attack), the Record Protocol maintains an implicit sequence number. Both the client and server increment this counter for every record sent. The MAC is calculated using this sequence number.

• ▪Verify sequence numbers match on both ends
• ▪Ensure AEAD nonces include the sequence number
• ▪Use TLS 1.3 to avoid legacy padding issues
• ▪Monitor for 'Decryption Failed' alerts in logs