Posted to users@httpd.apache.org by "@lbutlr" <kr...@kreme.com> on 2018/03/29 08:05:46 UTC

[users@httpd] Re: TLS 1.3

On 2018-03-28 (09:02 MDT), David Mehler <da...@gmail.com> wrote:
> 
> What are some advantages of 1.3?

Faster. Less cruft. Drops many near-EOL cryptos. But the main one is that it allows Perfect Forward Secrecy (PFS) which means that even if someone captures the traffic and stores it, and even if they interfere with the traffic actively at the time of communication, and then at some later time gets access to the private keys used by the client and the server, they STILL can't decrypt it.

<https://en.wikipedia.org/wiki/Forward_secrecy>

This is kind of the holy grail in cryptography.

-- 
Wife: Who are you talking to?
Husb: [on phone] Jon
Wife: Aren't you going to talk to me?
Husb: I talked to you at dinner, do I need to talk to you again?


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


[users@httpd] Re: TLS 1.3

Posted by "@lbutlr" <kr...@kreme.com>.
On Mar 29, 2018, at 02:17, Michael A. Peters <mp...@domblogger.net> wrote:
> TLS 1.3 *mandates* PFS so you don't accidentally enable a cipher that does not have it, and that is a HUGE benefit.

Yes, sorry about that. 

-- 
This is my signature. There are many like it, but this one is mine.





Re: [users@httpd] Re: TLS 1.3

Posted by "Michael A. Peters" <mp...@domblogger.net>.
On 03/29/2018 01:05 AM, @lbutlr wrote:
> On 2018-03-28 (09:02 MDT), David Mehler <da...@gmail.com> wrote:
>>
>> What are some advantages of 1.3?
>
> Faster. Less cruft. Drops many near-EOL cryptos. But the main one is that it allows Perfect Forward Secrecy (PFS) which means that even if someone captures the traffic and stores it, and even if they interfere with the traffic actively at the time of communication, and then at some later time gets access to the private keys used by the client and the server, they STILL can't decrypt it.
>
> <https://en.wikipedia.org/wiki/Forward_secrecy>
>
> This is kind of the holy grail in cryptography.
>

Not just allows PFS, so does TLS 1.2, and with TLS 1.2 PFS ciphers are
all I ever use. TLS 1.3 *mandates* PFS so you don't accidentally enable
a cipher that does not have it, and that is a HUGE benefit.
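The point made in this thread (TLS 1.2 only gives forward secrecy if every enabled suite uses ephemeral key exchange, while TLS 1.3 dropped the static RSA/DH suites altogether) can be checked mechanically. The script below is an added example written for this page; it is not code from the thread or from the httpd project. It assumes the line format printed by `openssl ciphers -v` (suite name, protocol, then `Kx=`, `Au=`, `Enc=`, `Mac=` fields) and works on a constructed sample rather than output captured from any real host. It flags suites whose key exchange is static RSA or static (EC)DH and emits the remaining TLS 1.2 suites as a colon-separated string of the kind mod_ssl's `SSLCipherSuite` directive takes.

```python
import re
from typing import Dict, List, Optional

# Constructed sample in the format of `openssl ciphers -v`; the suite names are
# real OpenSSL names, but this is illustrative input, not a capture from a server.
SAMPLE_CIPHERS_V = """\
TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
TLS_CHACHA20_POLY1305_SHA256   TLSv1.3 Kx=any      Au=any   Enc=CHACHA20/POLY1305(256) Mac=AEAD
ECDHE-RSA-AES256-GCM-SHA384    TLSv1.2 Kx=ECDH     Au=RSA   Enc=AESGCM(256)            Mac=AEAD
DHE-RSA-AES128-GCM-SHA256      TLSv1.2 Kx=DH       Au=RSA   Enc=AESGCM(128)            Mac=AEAD
AES256-GCM-SHA384              TLSv1.2 Kx=RSA      Au=RSA   Enc=AESGCM(256)            Mac=AEAD
AES128-SHA                     SSLv3   Kx=RSA      Au=RSA   Enc=AES(128)               Mac=SHA1
ECDH-RSA-AES128-SHA            SSLv3   Kx=ECDH/RSA Au=ECDH  Enc=AES(128)               Mac=SHA1
"""

# Matches one "Key=Value" token of the -v output (values never contain whitespace).
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# In `openssl ciphers -v`, plain Kx=ECDH and Kx=DH denote the *ephemeral* ECDHE/DHE
# suites. Static variants appear as Kx=ECDH/RSA, Kx=DH/DSS etc. and are not PFS.
EPHEMERAL_KX = {"ECDH", "DH"}


def parse_cipher_line(line: str) -> Optional[Dict[str, str]]:
    """Parse one `openssl ciphers -v` line into {'name', 'version', 'kx', 'au', ...}.

    Returns None for blank or malformed lines so callers can skip them.
    """
    fields = line.split()
    if len(fields) < 3:
        return None
    entry = {"name": fields[0], "version": fields[1]}
    for token in fields[2:]:
        match = FIELD_RE.fullmatch(token)
        if match:
            entry[match.group(1).lower()] = match.group(2)
    return entry


def provides_pfs(entry: Dict[str, str]) -> bool:
    """True if the suite's key exchange is ephemeral (EC)DHE.

    TLS 1.3 suites report Kx=any because key exchange is negotiated separately
    (supported_groups / key_share) and is always ephemeral: RFC 8446 removed the
    static RSA and static DH key exchange that TLS 1.2 still permits.
    """
    if entry["version"] == "TLSv1.3":
        return True
    return entry.get("kx") in EPHEMERAL_KX


def audit_cipher_list(text: str) -> Dict[str, List[str]]:
    """Split the suites in `text` into those with and without forward secrecy."""
    result: Dict[str, List[str]] = {"pfs": [], "no_pfs": []}
    for line in text.splitlines():
        entry = parse_cipher_line(line)
        if entry is None:
            continue
        bucket = "pfs" if provides_pfs(entry) else "no_pfs"
        result[bucket].append(entry["name"])
    return result


def httpd_ciphersuite(text: str) -> str:
    """Colon-joined TLS 1.2 PFS suites in the form mod_ssl's SSLCipherSuite accepts.

    TLS 1.3 suites are left out on purpose: they are all ephemeral, and with
    httpd 2.4.36+/OpenSSL 1.1.1 they are configured by a separate
    `SSLCipherSuite TLSv1.3 ...` line rather than mixed into this list.
    """
    names = []
    for line in text.splitlines():
        entry = parse_cipher_line(line)
        if entry and entry["version"] == "TLSv1.2" and provides_pfs(entry):
            names.append(entry["name"])
    return ":".join(names)


if __name__ == "__main__":
    # To audit a real server, feed it the output of `openssl ciphers -v '<your list>'`.
    report = audit_cipher_list(SAMPLE_CIPHERS_V)
    for name in report["no_pfs"]:
        print(f"NO FORWARD SECRECY: {name}")
    print("SSLCipherSuite", httpd_ciphersuite(SAMPLE_CIPHERS_V))
```

Run against the output of `openssl ciphers -v` for the string currently in a server's `SSLCipherSuite`, the `no_pfs` bucket is exactly the list of suites the thread warns about accidentally leaving enabled. One caveat on the "mandates" wording: RFC 8446 still defines a PSK-only resumption mode (`psk_ke`) that performs no fresh (EC)DHE, so resumed connections only keep forward secrecy when the server insists on `psk_dhe_ke`; full handshakes in TLS 1.3 are always ephemeral.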
