mirre-mt/masters-thesis
Archived
1
0
Fork 0
Code Releases 1 Activity

tex: enhance the tls section

Browse Source
This commit is contained in:
surtur 2023-08-18 18:02:49 +02:00
parent c47338f8ad
commit a61cfa47de
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
tex/part-theoretical.tex
View File

@ -137,21 +137,22 @@ greater harm.
The Transport Layer Security protocol (or TLS) serves as as an encryption and
\emph{authentication} protocol to secure internet communications. An important
part of the protocol is the \emph{handshake}, during which the two communicating
parties exchange messages that acknowledge each other's presence, verify each
other, choose what cryptographic algorithms will be used and decide session
keys. As there are multiple versions of the protocol in active duty even at the
moment, the server together with the client need to agree upon the version they
are going to use (these days it is recommended to use either 1.2 or 1.3),
pick cipher suites (), the client verifies the server's public key (and the signature of the
certificate authority that issued it) and they both generate session keys for
use after handshake completion.
part of the protocol is the \emph{handshake}, during which the two
communicating parties exchange messages that acknowledge each other's presence,
verify each other, choose what cryptographic algorithms will be used and decide
session keys. As there are multiple versions of the protocol in active duty
even at the moment, the server together with the client need to agree upon the
version they are going to use (it is recommended to use either v1.2 or v1.3
these days), pick cipher suites (if applicable), the client verifies the
server's public key (and the signature of the certificate authority that issued
it) and they both generate session keys for use after handshake completion.
TLSv1.3 dramatically reduced the number of available suites to only include the
ones deemed secure enough, which is why it is no longer needed to manually
specify what cipher suite should be used (or rely on the client/server to
choose wisely). While possibly facing compatibility issues with legacy devices,
the simplicity that enabling TLSv1.3 brings is a worthy trade-off.
the simplicity brought by enabling TLSv1.3 might be considered a worthy
trade-off.
\n{1}{Passwords}\label{sec:passwords}