TLS Configuration
In this lesson, we will study TLS and learn how to configure it properly.
TLS: Encryption in transit
So far, the encryption we’ve discussed is for encryption at rest—that is, the encryption we use when storing or retrieving data. We also need to consider encryption in transit, the encryption used to protect data sent over the network. Just as we don’t want to write our own crypto for encryption at rest, we shouldn’t write our own crypto for encryption in transit. We use the same criteria we used earlier in this chapter—use a trustworthy implementation of well-researched algorithms.
Today, the best candidate we have for encryption in transit is TLS 1.3. At the time of this writing, TLS 1.3 support isn’t pervasive, however, so you may need to use TLS 1.2 in the short term. That’s ok; properly configured TLS 1.2 is a strong choice as well. But going forward, your preference should be to use TLS 1.3 and only use TLS 1.2 if you depend on software ...
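The preference the lesson describes, TLS 1.3 when the peer supports it and TLS 1.2 as the floor, expressed in Go's standard `crypto/tls` as an added example that is not part of this lesson. `ServerConfig`, `Negotiate` and `must` are names chosen here; the self-signed certificate and the `net.Pipe` connection are test fixtures constructed inside the code so the handshakes run offline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"errors"
	"math/big"
	"net"
	"time"
)

// ServerConfig applies the lesson's policy: TLS 1.2 is the floor, and TLS 1.3 is used whenever
// the client offers it. Tickets are off only because net.Pipe cannot buffer post-handshake writes.
func ServerConfig(cert tls.Certificate) *tls.Config {
	return &tls.Config{
		Certificates:           []tls.Certificate{cert},
		MinVersion:             tls.VersionTLS12,
		SessionTicketsDisabled: true,
	}
}

func must[T any](v T, err error) T { // fixture-generation errors are programming mistakes
	if err != nil {
		panic(err)
	}
	return v
}

// Negotiate handshakes a ServerConfig server against a client whose newest
// protocol is clientMax. The version is meaningful only when err is nil.
func Negotiate(clientMax uint16) (version uint16, err error) {
	// Throwaway self-signed ECDSA "localhost" cert: constructed test material, regenerated every run.
	key := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"localhost"},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key))
	pool := x509.NewCertPool()
	pool.AddCert(must(x509.ParseCertificate(der)))
	cert := tls.Certificate{Certificate: [][]byte{der}, PrivateKey: key}
	srvConn, cliConn := net.Pipe()
	srv := tls.Server(srvConn, ServerConfig(cert))
	cli := tls.Client(cliConn, &tls.Config{RootCAs: pool, ServerName: "localhost",
		MinVersion: tls.VersionTLS10, MaxVersion: clientMax}) // lowered floor simulates legacy clients
	srvErr := make(chan error, 1)
	go func() { srvErr <- srv.Handshake() }()
	cliErr := cli.Handshake()
	return cli.ConnectionState().Version, errors.Join(<-srvErr, cliErr)
}
```

A client capped at TLS 1.1 is refused with a protocol_version alert, a TLS 1.2-only client gets TLS 1.2, and a current client gets TLS 1.3 without any extra server-side preference list.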