httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Michael A. Peters" <mpet...@domblogger.net>
Subject Re: [users@httpd] Re: TLS 1.3
Date Thu, 29 Mar 2018 08:17:24 GMT
On 03/29/2018 01:05 AM, @lbutlr wrote:
> On 2018-03-28 (09:02 MDT), David Mehler <dave.mehler@gmail.com> wrote:
>>
>> What are some advantages of 1.3?
>
> Faster. Less kruft. Drops many near-EOL cryptos. But the main one is that is allows Perfect
Forward Secrecy (PFS) which means that even is someone captures the traffic and stores it,
and even if they interfere with the traffic actively at the time of communication, and then
at some later time gets access to the private keys used by the client and the server, they
STILL can't decrypt it.
>
> <https://en.wikipedia.org/wiki/Forward_secrecy>
>
> This is kind of the holy grail in cryptography.
>

Not just allows PFS, so does TLS 1.2 and with TLS 1.2 PFS cyphers are 
all I ever use. TLS 1.3 *mandates* PFS so you don't accidentally enable 
a cipher that does not have it, and that is a HUGE benefit.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message