Changes between Version 4 and Version 5 of Hardening


Timestamp: 04/15/14 00:31:45 (10 years ago)
Author: IncreasedSecurity
Comment: added example for tls-auth actually having proven useful against a real and serious vulnerability.

  • Hardening

    v4 v5  
    7474The primary benefit is that an unauthenticated client cannot cause the same CPU/crypto load against a server as the junk traffic can be dropped much sooner. This can aid in mitigating denial-of-service attempts.
    7575
    76 This feature by itself does not improve the TLS auth in any way, although it offers a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite. However, it offers no protection at all in the event of a complete cryptographic break that can allow decryption of a cipher-suite's traffic.
     76This feature by itself does not improve the TLS auth in any way, although it offers a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite or implementation (such as CVE-2014-0160, Heartbleed, where the tls-auth key provided protection against attackers who did not have a copy). However, it offers no protection at all in the event of a complete cryptographic break that can allow decryption of a cipher-suite's traffic.
    7777
    7878Generate a PSK with:
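
Review bot: In the added line 76, the parenthetical "attackers who did not have a copy" leaves "a copy" without a referent, and the sentence still says "a future flaw" while the example it now cites has already happened. Suggest wording it as "if a flaw is discovered in a particular TLS cipher-suite or implementation (as with CVE-2014-0160, Heartbleed, where the tls-auth key protected against attackers who did not hold a copy of that key)". It would also help to state outright what the parenthetical only implies: anyone who does hold the tls-auth key gets no such protection from it.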