I have a certificate, with weak ciphers disable, following OWASP recommendations. My framework handles private data that can not be exposed. Is it enough to use TLS to secure the channel? Or should I use something besides TLS, like end-to-end encryption (e.g, use AEAD)?
Asked
Active
Viewed 172 times
1
-
It highly depends on the 'speed' expectations from the channel; if security is far more important than the speed, you first should try it (more secure one) in development environment, then apply it to the channel. – JackSparrow Oct 03 '17 at 16:39
-
I'm assuming since you suggest end-to-end encryption that your application doesn't need to access the decrypted private data? It's not really clear to me from the question. I'm also not sure why you're equating AEAD with end-to-end encryption. – AndrolGenhald Oct 03 '17 at 16:50