Skip to content

Commit

Permalink
doc: improve TLS/SSL introduction
Browse files Browse the repository at this point in the history
PR-URL: #41649
Reviewed-By: Rich Trott <rtrott@gmail.com>
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Colin Ihrig <cjihrig@gmail.com>
Reviewed-By: Richard Lau <rlau@redhat.com>
Reviewed-By: Darshan Sen <raisinten@gmail.com>
  • Loading branch information
tniessen authored and danielleadams committed Mar 2, 2022
1 parent 4e53c45 commit f50e251
Showing 1 changed file with 5 additions and 4 deletions.
9 changes: 5 additions & 4 deletions doc/api/tls.md
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,9 @@ const tls = require('tls');

## TLS/SSL concepts

The TLS/SSL is a public/private key infrastructure (PKI). For most common
cases, each server must have a _private key_.
TLS/SSL is a set of protocols that rely on a public key infrastructure (PKI) to
enable secure communication between a client and a server. For most common
cases, each server must have a private key.

Private keys can be generated in multiple ways. The example below illustrates
use of the OpenSSL command-line interface to generate a 2048-bit RSA private
Expand Down Expand Up @@ -129,8 +130,8 @@ servers can accommodate both, choosing either of them during the normal cipher
negotiation step.

TLS-PSK is only a good choice where means exist to securely share a
key with every connecting machine, so it does not replace PKI
(Public Key Infrastructure) for the majority of TLS uses.
key with every connecting machine, so it does not replace the public key
infrastructure (PKI) for the majority of TLS uses.
The TLS-PSK implementation in OpenSSL has seen many security flaws in
recent years, mostly because it is used only by a minority of applications.
Please consider all alternative solutions before switching to PSK ciphers.
Expand Down

0 comments on commit f50e251

Please sign in to comment.