OSDir

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [users@httpd] Re: TLS 1.3


On 03/29/2018 01:05 AM, @lbutlr wrote:
On 2018-03-28 (09:02 MDT), David Mehler <dave.mehler@xxxxxxxxx> wrote:

What are some advantages of 1.3?

Faster. Less kruft. Drops many near-EOL cryptos. But the main one is that is allows Perfect Forward Secrecy (PFS) which means that even is someone captures the traffic and stores it, and even if they interfere with the traffic actively at the time of communication, and then at some later time gets access to the private keys used by the client and the server, they STILL can't decrypt it.

<https://en.wikipedia.org/wiki/Forward_secrecy>

This is kind of the holy grail in cryptography.


Not just allows PFS, so does TLS 1.2 and with TLS 1.2 PFS cyphers are all I ever use. TLS 1.3 *mandates* PFS so you don't accidentally enable a cipher that does not have it, and that is a HUGE benefit.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx