Revisi per 4 Juni 2020 06.11 sunting PinkDash (bicara \| kontrib) Pengecualian blokir IP, Peninjau 14.640 suntingan k Membalikkan revisi 17040265 oleh Aldiagung (bicara) BUGGGG Tag: Pembatalan ← Revisi sebelumnya		Revisi per 4 Juni 2020 06.13 sunting balikkan PinkDash (bicara \| kontrib) Pengecualian blokir IP, Peninjau 14.640 suntingan →Algoritma Tag: VisualEditor-alih Revisi selanjutnya →
Baris 132: Sertifikat kunci publik yang digunakan selama pertukaran / perjanjian juga bervariasi dalam ukuran kunci enkripsi publik / swasta yang digunakan selama pertukaran dan karenanya ketahanan keamanan yang diberikan. Pada Juli 2013, [[Google]] mengumumkan bahwa mereka tidak akan lagi menggunakan kunci publik 1024-bit dan akan beralih ke kunci 2048-bit untuk meningkatkan keamanan enkripsi TLS yang diberikannya kepada penggunanya karena kekuatan enkripsi terkait langsung dengan ukuran kunci.<ref>{{Cite web\|url=https://www.computing.co.uk/news/2285984/google-updates-ssl-certificates-to-2048bit-encryption\|title=Google updates SSL certificates to 2048-bit encryption\|date=2013-07-31\|website=www.computing.co.uk\|language=en\|access-date=2020-05-30}}</ref> {\| class="wikitable" style="text-align:center" \|+ Pertukaran kunci / perjanjian dan otentikasi ! Algorithm !! SSL 2.0 !! SSL 3.0 !! TLS 1.0 !! TLS 1.1 !! TLS 1.2 !! TLS 1.3!! Status \|- ! {{Depends\|[[RSA (cryptosystem)\|RSA]]}} \| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{N/A\|No}} \|\| rowspan="19"\| Defined for TLS 1.2 in RFCs \|- !{{Depends\|[[Diffie–Hellman key exchange\|DH]]-[[RSA (cryptosystem)\|RSA]]}} \| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{N/A\|No}} \|- !{{Good\|[[Diffie–Hellman key exchange\|DHE]]-[[RSA (cryptosystem)\|RSA]] ([[#Forward secrecy\|forward secrecy]])}} \| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|- !{{Depends\|[[Elliptic-curve Diffie–Hellman\|ECDH]]-[[RSA (cryptosystem)\|RSA]]}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{N/A\|No}} \|- !{{Good\|[[Elliptic-curve Diffie–Hellman\|ECDHE]]-[[RSA (cryptosystem)\|RSA]] ([[#Forward secrecy\|forward secrecy]])}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|- !{{Depends\|[[Diffie–Hellman key exchange\|DH]]-[[Digital Signature Algorithm\|DSS]]}} \| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{N/A\|No}} \|- !{{Good\|[[Diffie–Hellman key exchange\|DHE]]-[[Digital Signature Algorithm\|DSS]] ([[#Forward secrecy\|forward secrecy]])}} \| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{N/A\|No}}<ref>{{cite web\|url=https://www.ietf.org/mail-archive/web/tls/current/msg17680.html\|title=Consensus: remove DSA from TLS 1.3\|date=September 17, 2015\|author=Sean Turner\|url-status=live\|archiveurl=https://web.archive.org/web/20151003193113/http://www.ietf.org/mail-archive/web/tls/current/msg17680.html\|archivedate=October 3, 2015\|df=}}</ref> \|- !{{Depends\|[[Elliptic-curve Diffie–Hellman\|ECDH]]-[[Elliptic Curve DSA\|ECDSA]]}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{N/A\|No}} \|- !{{Good\|[[Elliptic-curve Diffie–Hellman\|ECDHE]]-[[Elliptic Curve DSA\|ECDSA]] ([[#Forward secrecy\|forward secrecy]])}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|- !{{Depends\|[[TLS-PSK\|PSK]]}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| \|- !{{Depends\|[[Pre-shared key\|PSK]]-[[RSA (cryptosystem)\|RSA]]}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| \|- !{{Good\|[[Diffie–Hellman key exchange\|DHE]]-[[Pre-shared key\|PSK]] ([[#Forward secrecy\|forward secrecy]])}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|- !{{Good\|[[Elliptic-curve Diffie–Hellman\|ECDHE]]-[[Pre-shared key\|PSK]] ([[#Forward secrecy\|forward secrecy]])}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|- !{{Depends\|[[TLS-SRP\|SRP]]}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| \|- !{{Depends\|[[Secure Remote Password protocol\|SRP]]-[[Digital Signature Algorithm\|DSS]]}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| \|- !{{Depends\|[[Secure Remote Password protocol\|SRP]]-[[RSA (cryptosystem)\|RSA]]}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| \|- !{{Depends\|[[Kerberos (protokol)\|Kerberos]]}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| \|- ! {{Bad\|[[Diffie–Hellman key exchange\|DH]]-ANON (tidak aman)}} \| {{N/a\|No}} \|\| {{No\|Yes}} \|\| {{No\|Yes}} \|\| {{No\|Yes}} \|\| {{No\|Yes}} \|\| \|- ! {{Bad\|[[Elliptic-curve Diffie–Hellman\|ECDH]]-ANON (tidak aman)}} \| {{N/a\|No}} \|\| {{N/a\|No}} \|\| {{No\|Yes}} \|\| {{No\|Yes}} \|\| {{No\|Yes}} \|\| \|- !{{Good\|[[GOST\|GOST R 34.10-94 / 34.10-2001]]<ref name=gostlink>[//tools.ietf.org/html/draft-chudov-cryptopro-cptls-04 draft-chudov-cryptopro-cptls-04 – GOST 28147-89 Cipher Suites for Transport Layer Security (TLS)]</ref>}} \| {{No}} \|\| {{No}} \|\| {{Yes}} \|\| {{Yes}} \|\| {{Yes}} \|\| \| Proposed in RFC drafts \|} == Dukungan untuk server virtual berbasis nama ==

Keamanan Lapisan Transportasi: Perbedaan antara revisi