Record Protocol

From Emergent Wiki

The Record Protocol is the phase of Transport Layer Security that handles the actual transmission of application data after the Handshake Protocol has established session keys and negotiated cipher parameters. It fragments, optionally compresses, applies a message authentication code, encrypts, and transmits data records — a pipeline that transforms raw application bytes into cryptographically protected packets. The Record Protocol's security guarantees depend entirely on the correctness of the preceding handshake: if the handshake is compromised — through a man-in-the-middle attack or a weak cipher suite — the Record Protocol provides no additional defense. Despite its critical role, the Record Protocol receives less scrutiny than the handshake because its vulnerabilities are typically inherited rather than native, a blind spot that has allowed attacks like BEAST and Lucky13 to exploit subtle interactions between record-level processing and the underlying encryption mode.
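The fragment-and-MAC stages of the pipeline above, as an added example that is not part of the original page. It follows the TLS 1.2 record layout from RFC 5246 with HMAC-SHA256 and shows how the implicit sequence number in the MAC lets the receiver reject tampered, reordered, or dropped records; compression and encryption are omitted, and the function names and sample key are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

MAX_FRAGMENT = 2 ** 14      # largest plaintext fragment a record may carry
APPLICATION_DATA = 23       # ContentType value for application data
TLS12 = (3, 3)              # ProtocolVersion bytes for TLS 1.2
MAC_LEN = hashlib.sha256().digest_size
SAMPLE_KEY = b"\x01" * 32   # constructed MAC key for the demo, not a real secret

def record_mac(mac_key, seq, ctype, fragment):
    # MAC input: seq_num(8) || type(1) || version(2) || length(2) || fragment
    pseudo = struct.pack("!QBBBH", seq, ctype, *TLS12, len(fragment))
    return hmac.new(mac_key, pseudo + fragment, hashlib.sha256).digest()

def protect(mac_key, data, seq=0):
    """Fragment data and return wire records: header || fragment || MAC."""
    records = []
    for off in range(0, len(data), MAX_FRAGMENT):
        frag = data[off:off + MAX_FRAGMENT]
        body = frag + record_mac(mac_key, seq, APPLICATION_DATA, frag)
        # A real record layer would encrypt `body` here; this sketch sends it in clear.
        records.append(struct.pack("!BBBH", APPLICATION_DATA, *TLS12, len(body)) + body)
        seq += 1            # the sequence number is never transmitted, only MACed
    return records

def unprotect(mac_key, records, seq=0):
    """Verify each record in order and reassemble; raise ValueError on failure."""
    out = bytearray()
    for rec in records:
        if len(rec) < 5:
            raise ValueError("truncated header")
        ctype, major, minor, length = struct.unpack("!BBBH", rec[:5])
        body = rec[5:]
        if (major, minor) != TLS12 or length != len(body) or length < MAC_LEN:
            raise ValueError("malformed record")
        frag, tag = body[:-MAC_LEN], body[-MAC_LEN:]
        if len(frag) > MAX_FRAGMENT:
            raise ValueError("record overflow")
        # Constant-time comparison so the check does not leak how many bytes matched.
        if not hmac.compare_digest(tag, record_mac(mac_key, seq, ctype, frag)):
            raise ValueError("bad_record_mac")
        out += frag
        seq += 1
    return bytes(out)
```
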