Codec Freedom -- Specifications -- Connection Profiles -- TLS Security
At the onset of an MSRP session, it may choose to switch to a connection protected by TLS. This would improve both the authenticity and the encryption of the data.
TODO: Part of this page is specific to MSRP, but we moved on to AMQP 1.0 because it is more general.
Indication through STARTTLS
Normally, an MSRP connection starts with keywords, such as
SEND or perhaps
MSRP; but if security through TLS is desired, it should instead start with
STARTTLS, a space and a decimal number that fits in an unsigned
32-bit format, followed by a newline.
Both endpoints should send this sequence, and after each has sent its sequence it should wait until the other side sends it too. If the other side does not agree, it will send the same decimal number; if it sends another number the switch to TLS may proceed.
Dividing the Client and Server Roles
The number helps to establish which endpoint plays the role of the TLS client, and which is the TLS server. This sort of distinction is immaterial to MSRP, but TLS insists on such a division.
Values may be generated at random. Parties that intend to be a client should generate values in the range up to 1073741823 or 2^30-1; parties that intend to be a server should generate values in the range starting from 3221225472 or 3*2^30. Any values between these turning points may be used to signal indifference about the role to play. When the values generated differ, and when not both aim for client or both aim for server, the endpoint that sent the highest value becomes the server and the other becomes the client.
Starting TLS and Continuing
After both parties have sent their
STARTTLS commandline, the connection
switches to a TLS connection. The identities exchanged MAY be used to
validate the remote endpoint from either side, or from both sides.
As soon as the TLS handshake has established a secure connection, the internals of the TLS connection can be used to continue with the intended protocol -- basically, MSRP.