This page (revision-1) was last changed on 29-Nov-2024 16:16 by UnknownAuthor

!!! Overview
[TLS] is known to currently have several limitations based on certain design decisions:
* Although [Encryption] protects the contents of a TCP connection, the metadata of TCP and any other lower layers remains in plaintext.
* Even at the [TLS] layer, a lot of the information is exposed as plaintext.
** The first [TLS] handshake is not encrypted, so a passive observer can:
*** examine the [Server Name Indication] information to determine the intended virtual host
*** examine the host’s certificate, and, when client certificates are used, potentially obtain enough information to identify the user.
* After encryption is activated, some protocol information remains in the clear:
** the observer can see the subprotocol and length of each message
The leakage of network-layer metadata can be solved only at those levels. The other limitations could be fixed, and, indeed, there are proposals and discussions about addressing them.
There are workarounds to avoid these issues, but they’re not used by mainstream implementations.
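The following is an added example, not part of the original page or its cited source: a Python sketch of what a network monitor reads from the plaintext parts of a TLS stream described above, namely the record header (subprotocol and length) and the Server Name Indication in an unencrypted ClientHello. The ClientHello bytes are constructed inline by a hypothetical helper, and the hostname example.test is a placeholder.

```python
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}

def build_client_hello(host: str) -> bytes:
    """Constructed sample: a minimal ClientHello record carrying one SNI entry."""
    name = host.encode("ascii")
    entry = b"\x00" + struct.pack("!H", len(name)) + name      # name_type 0 = host_name
    sni = struct.pack("!H", len(entry)) + entry                # server_name_list
    ext = struct.pack("!HH", 0, len(sni)) + sni                # extension 0 = server_name
    body = (b"\x03\x03" + bytes(32)                            # client_version, random
            + b"\x00"                                          # empty session_id
            + b"\x00\x02\x13\x01"                              # one cipher suite
            + b"\x01\x00"                                      # null compression
            + struct.pack("!H", len(ext)) + ext)               # extensions block
    hs = b"\x01" + len(body).to_bytes(3, "big") + body         # handshake type 1 = client_hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs   # 5-byte record header

def observe_record(data: bytes):
    """Return (subprotocol, length) from the plaintext 5-byte record header."""
    ctype, _version, length = struct.unpack("!BHH", data[:5])
    return CONTENT_TYPES.get(ctype, "unknown"), length

def observe_sni(data: bytes):
    """Return the server name from an unencrypted ClientHello record, else None."""
    if len(data) < 9 or data[0] != 22 or data[5] != 1:
        return None                                            # not a ClientHello
    try:
        p = 9 + 2 + 32                                         # headers, version, random
        p += 1 + data[p]                                       # session_id
        p += 2 + struct.unpack_from("!H", data, p)[0]          # cipher_suites
        p += 1 + data[p]                                       # compression_methods
        end = p + 2 + struct.unpack_from("!H", data, p)[0]     # end of extensions
        p += 2
        while p + 4 <= min(end, len(data)):
            etype, elen = struct.unpack_from("!HH", data, p)
            p += 4
            if etype == 0:                                     # server_name extension
                nlen = struct.unpack_from("!H", data, p + 3)[0]
                return data[p + 5:p + 5 + nlen].decode("ascii", "replace")
            p += elen
    except (IndexError, struct.error):
        return None                                            # truncated or malformed
    return None

if __name__ == "__main__":
    hello = build_client_hello("example.test")
    print(observe_record(hello), observe_sni(hello))
```

The same two functions applied to flow logs or packet captures show a defender exactly which fields leave the network unprotected, without any access to keys.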
!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Bulletproof SSL and TLS|https://www.feistyduck.com/books/bulletproof-ssl-and-tls/|target='_blank'] - based on 2015-05-13