diff options
Diffstat (limited to 'doc/tex/ciphersuites.tex')
| -rw-r--r-- | doc/tex/ciphersuites.tex | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/doc/tex/ciphersuites.tex b/doc/tex/ciphersuites.tex index 134f9b62f1..7206738430 100644 --- a/doc/tex/ciphersuites.tex +++ b/doc/tex/ciphersuites.tex @@ -16,5 +16,12 @@ be described as a keyed hash algorithm. See RFC2104.} algorithm used for authent MAC\_SHA is used in the above example. \end{itemize} +The ciphersuite that will be used in the connection is negotiated at +the handshake procedure. However you must note that \tlsI does not always +negotiate the strongest available cipher suite. There are cases where +a man in the middle attacker could make the two entities negotiate +the least secure method they support. For that reason do not enable +ciphers and algorithms that you consider weak. + \addvspace{1.5cm} |