1
0

tex: enhance the tls section

This commit is contained in:
surtur 2023-08-18 18:02:49 +02:00
parent c47338f8ad
commit a61cfa47de
Signed by: wanderer
SSH Key Fingerprint: SHA256:MdCZyJ2sHLltrLBp0xQO0O1qTW9BT/xl5nXkDvhlMCI

@ -137,21 +137,22 @@ greater harm.
The Transport Layer Security protocol (or TLS) serves as as an encryption and
\emph{authentication} protocol to secure internet communications. An important
part of the protocol is the \emph{handshake}, during which the two communicating
parties exchange messages that acknowledge each other's presence, verify each
other, choose what cryptographic algorithms will be used and decide session
keys. As there are multiple versions of the protocol in active duty even at the
moment, the server together with the client need to agree upon the version they
are going to use (these days it is recommended to use either 1.2 or 1.3),
pick cipher suites (), the client verifies the server's public key (and the signature of the
certificate authority that issued it) and they both generate session keys for
use after handshake completion.
part of the protocol is the \emph{handshake}, during which the two
communicating parties exchange messages that acknowledge each other's presence,
verify each other, choose what cryptographic algorithms will be used and decide
session keys. As there are multiple versions of the protocol in active duty
even at the moment, the server together with the client need to agree upon the
version they are going to use (it is recommended to use either v1.2 or v1.3
these days), pick cipher suites (if applicable), the client verifies the
server's public key (and the signature of the certificate authority that issued
it) and they both generate session keys for use after handshake completion.
TLSv1.3 dramatically reduced the number of available suites to only include the
ones deemed secure enough, which is why it is no longer needed to manually
specify what cipher suite should be used (or rely on the client/server to
choose wisely). While possibly facing compatibility issues with legacy devices,
the simplicity that enabling TLSv1.3 brings is a worthy trade-off.
the simplicity brought by enabling TLSv1.3 might be considered a worthy
trade-off.
\n{1}{Passwords}\label{sec:passwords}