Changes between Version 4 and Version 5 of Hardening
- Timestamp:
- 04/15/14 00:31:45 (10 years ago)
Legend:
- Unmodified
- Added
- Removed
- Modified
-
Hardening
v4 v5 74 74 The primary benefit is that an unauthenticated client cannot cause the same CPU/crypto load against a server as the junk traffic can be dropped much sooner. This can aid in mitigating denial-of-service attempts. 75 75 76 This feature by itself does not improve the TLS auth in any way, although it offers a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite . However, it offers no protection at all in the event of a complete cryptographic break that can allow decryption of a cipher-suite's traffic.76 This feature by itself does not improve the TLS auth in any way, although it offers a 2nd line of defense if a future flaw is discovered in a particular TLS cipher-suite or implementation (such as CVE-2014-0160, Heartbleed, where the tls-auth key provided protection against attackers who did not have a copy). However, it offers no protection at all in the event of a complete cryptographic break that can allow decryption of a cipher-suite's traffic. 77 77 78 78 Generate a PSK with: