Thursday, 28 September 2023

Mutual TLS - mTLS

Introduction
It is described as follows:
mTLS helps ensure that the traffic is secure and trusted in both directions between a client and server. This provides an additional layer of security for users who log in to an organization’s network or applications. It also verifies connections with client devices that do not follow a login process, such as Internet of Things (IoT) devices.

Nowadays, mTLS is commonly used by microservices or distributed systems in a zero trust security model to verify each other.
In other words, it means TLS client authentication, i.e. the client presenting its own certificate. It used to be seen mostly in closed networks such as VPNs. The explanation is as follows:
TLS client authentication (requiring clients to present certs) is something you usually see on VPN servers, enterprise WPA2 WiFi access points, and corporate intranets. These are all closed systems where the sysadmin has full control over issuing certs to users, and they use this to control which users have access to which resources. This makes no sense in a public website setting, and is definitely a non-standard config for an HTTPS webserver.
The Client Certificate Is Not Used for Encryption
It is described as follows:
The certificate of the client is only used to authenticate the client. It is not used in key exchange which happens before the client even sends the certificate and proves ownership of the private key. The client certificate is thus neither directly nor indirectly included in the traffic encryption or MAC.
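As an added example (not code from the original post), the Go program below puts the two quotes above into practice: an in-process server with ClientAuth set to tls.RequireAndVerifyClientCert admits a client that presents a certificate issued by a constructed test CA and refuses one that presents none, while the client still verifies the server as in ordinary TLS. The CA, the "server" and "client" names and the mkCert/Handshake helpers are assumptions of this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// mkCert issues a throwaway Ed25519 cert for cn; a nil parent makes it self-signed (our test CA).
func mkCert(cn string, isCA bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), IsCA: isCA, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: cn}, DNSNames: []string{cn}, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil { parent, pkey = tmpl, key } // self-signed: the template signs itself
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// Handshake dials an in-process mTLS server; nil means the client was admitted, an error means it was refused.
func Handshake(presentClientCert bool) error {
	ca, caKey := mkCert("test-ca", true, nil, nil)
	srv, srvKey := mkCert("server", false, ca, caKey)
	cli, cliKey := mkCert("client", false, ca, caKey)
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	ln, err := tls.Listen("tcp", "127.0.0.1:0", &tls.Config{
		Certificates: []tls.Certificate{{Certificate: [][]byte{srv.Raw}, PrivateKey: srvKey}},
		ClientAuth:   tls.RequireAndVerifyClientCert, // the mTLS switch
		ClientCAs:    pool,                           // issuers allowed to vouch for clients
	})
	if err != nil { return err }
	defer ln.Close()
	go func() { // server side: Write runs the handshake; a refused client gets an alert, then EOF
		if c, err := ln.Accept(); err == nil { c.Write([]byte("ok")); c.Close() }
	}()
	cfg := &tls.Config{RootCAs: pool, ServerName: "server"} // the client verifies the server as usual
	if presentClientCert { cfg.Certificates = []tls.Certificate{{Certificate: [][]byte{cli.Raw}, PrivateKey: cliKey}} }
	conn, err := tls.Dial("tcp", ln.Addr().String(), cfg)
	if err != nil { return err }
	defer conn.Close()
	// TLS 1.3 caveat: the server's verdict arrives after the client's handshake returns, so only the first Read surfaces a refusal.
	conn.SetDeadline(time.Now().Add(5 * time.Second))
	_, err = conn.Read(make([]byte, 2))
	return err
}
```

Note that the client certificate never enters key derivation: the session keys come from the key exchange that already happened before the client's Certificate and CertificateVerify messages, which is exactly why the quote above says the certificate is used only for authentication.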
