1a84c758e1
Co-authored-by: hendrik-buchwald-sonarsource <64110887+hendrik-buchwald-sonarsource@users.noreply.github.com>
22 lines
882 B
Plaintext
22 lines
882 B
Plaintext
As a rule of thumb, by default you should use the cryptographic algorithms and
|
|
mechanisms that are considered strong by the cryptographic community.
|
|
|
|
The best choices at the moment are the following.
|
|
|
|
==== Use TLS v1.2 or TLS v1.3
|
|
Even though TLS V1.3 is available, using TLS v1.2 is still considered good and
|
|
secure practice by the cryptography community. +
|
|
|
|
The use of TLS v1.2 ensures compatibility with a wide range of platforms and
|
|
enables seamless communication between different systems that do not yet have
|
|
TLS v1.3 support.
|
|
|
|
The only drawback depends on whether the framework used is outdated: its TLS
|
|
v1.2 settings may enable older and insecure cipher suites that are deprecated
|
|
as insecure.
|
|
|
|
On the other hand, TLS v1.3 removes support for older and weaker cryptographic
|
|
algorithms, eliminates known vulnerabilities from previous TLS versions, and
|
|
improves performance.
|
|
|