mirre-mt/masters-thesis
Archived
1
0
Fork 0
Code Releases 1 Activity

tex: enhance the tls section

Browse Source
This commit is contained in:
surtur 2023-08-18 18:02:49 +02:00
parent c47338f8ad
commit a61cfa47de
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI
1 changed files with 11 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
tex/part-theoretical.tex
View File

@ -137,21 +137,22 @@ greater harm.
The Transport Layer Security protocol (or TLS) serves as as an encryption and The Transport Layer Security protocol (or TLS) serves as as an encryption and
\emph{authentication} protocol to secure internet communications. An important \emph{authentication} protocol to secure internet communications. An important
part of the protocol is the \emph{handshake}, during which the two communicating part of the protocol is the \emph{handshake}, during which the two
parties exchange messages that acknowledge each other's presence, verify each communicating parties exchange messages that acknowledge each other's presence,
other, choose what cryptographic algorithms will be used and decide session verify each other, choose what cryptographic algorithms will be used and decide
keys. As there are multiple versions of the protocol in active duty even at the session keys. As there are multiple versions of the protocol in active duty
moment, the server together with the client need to agree upon the version they even at the moment, the server together with the client need to agree upon the
are going to use (these days it is recommended to use either 1.2 or 1.3), version they are going to use (it is recommended to use either v1.2 or v1.3
pick cipher suites (), the client verifies the server's public key (and the signature of the these days), pick cipher suites (if applicable), the client verifies the
certificate authority that issued it) and they both generate session keys for server's public key (and the signature of the certificate authority that issued
use after handshake completion. it) and they both generate session keys for use after handshake completion.
TLSv1.3 dramatically reduced the number of available suites to only include the TLSv1.3 dramatically reduced the number of available suites to only include the
ones deemed secure enough, which is why it is no longer needed to manually ones deemed secure enough, which is why it is no longer needed to manually
specify what cipher suite should be used (or rely on the client/server to specify what cipher suite should be used (or rely on the client/server to
choose wisely). While possibly facing compatibility issues with legacy devices, choose wisely). While possibly facing compatibility issues with legacy devices,
the simplicity that enabling TLSv1.3 brings is a worthy trade-off. the simplicity brought by enabling TLSv1.3 might be considered a worthy
trade-off.
\n{1}{Passwords}\label{sec:passwords} \n{1}{Passwords}\label{sec:passwords}