From b9d1cb7f8aa3715349fbe17a22c5b561777f8701 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tobias=20Nie=C3=9Fen?= Date: Mon, 24 Jan 2022 20:50:37 +0100 Subject: [PATCH] doc: improve TLS/SSL introduction PR-URL: https://github.com/nodejs/node/pull/41649 Reviewed-By: Rich Trott Reviewed-By: Luigi Pinca Reviewed-By: Colin Ihrig Reviewed-By: Richard Lau Reviewed-By: Darshan Sen --- doc/api/tls.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/doc/api/tls.md b/doc/api/tls.md index d225b5b54f51e7..f454be2f6e4baf 100644 --- a/doc/api/tls.md +++ b/doc/api/tls.md @@ -16,8 +16,9 @@ const tls = require('tls'); ## TLS/SSL concepts -The TLS/SSL is a public/private key infrastructure (PKI). For most common -cases, each server must have a _private key_. +TLS/SSL is a set of protocols that rely on a public key infrastructure (PKI) to +enable secure communication between a client and a server. For most common +cases, each server must have a private key. Private keys can be generated in multiple ways. The example below illustrates use of the OpenSSL command-line interface to generate a 2048-bit RSA private @@ -129,8 +130,8 @@ servers can accommodate both, choosing either of them during the normal cipher negotiation step. TLS-PSK is only a good choice where means exist to securely share a -key with every connecting machine, so it does not replace PKI -(Public Key Infrastructure) for the majority of TLS uses. +key with every connecting machine, so it does not replace the public key +infrastructure (PKI) for the majority of TLS uses. The TLS-PSK implementation in OpenSSL has seen many security flaws in recent years, mostly because it is used only by a minority of applications. Please consider all alternative solutions before switching to PSK ciphers.
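Review bot: In the first hunk (`@@ -16,8 +16,9 @@`, the "TLS/SSL concepts" intro), the new sentence "For most common cases, each server must have a private key" still reads as if the private key is a consequence of PKI itself, while the same file later documents TLS-PSK, which needs no certificate or server key pair. Consider tying the requirement to the configuration rather than the protocol, e.g. "In the usual certificate-based configuration, each server must have a private key and a certificate", so the later TLS-PSK section does not contradict the introduction. Minor: the wording "a set of protocols that rely on a public key infrastructure" is an improvement over "The TLS/SSL is a public/private key infrastructure", but "set ... that rely" may draw style comments; "TLS/SSL are protocols that rely on" or "that relies on" would avoid the number mismatch.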
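Review bot: In the second hunk (`@@ -129,8 +130,8 @@`, the TLS-PSK paragraph), "does not replace the public key infrastructure (PKI)" with the definite article suggests a single global PKI, whereas a deployment's PKI is whatever CA hierarchy its peers trust. The first hunk already expands the acronym at the top of the file, so this occurrence could simply read "so it does not replace PKI-based (certificate) authentication for the majority of TLS uses", which also states what PSK actually fails to replace. The surrounding sentence about OpenSSL's PSK implementation and the advice to "consider all alternative solutions" are unchanged and still read correctly after the edit.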