X-Git-Url: https://gitweb.stoutner.com/?a=blobdiff_plain;f=app%2Fsrc%2Fmain%2Fassets%2Fen%2Fguide_ssl_certificate_pinning.html;h=a06431bd7d5e3f9a1403e622c01550a0727bdbce;hb=50f4ecfbf5ad47a210ba5b24ebf53545c8112aaa;hp=429eb8da1db5247aa3e63427644df3835b58551f;hpb=6a240a3d02f43dae2ae30962958db6927a8bab2a;p=PrivacyBrowserAndroid.git diff --git a/app/src/main/assets/en/guide_ssl_certificate_pinning.html b/app/src/main/assets/en/guide_ssl_certificate_pinning.html index 429eb8da..a06431bd 100644 --- a/app/src/main/assets/en/guide_ssl_certificate_pinning.html +++ b/app/src/main/assets/en/guide_ssl_certificate_pinning.html @@ -41,21 +41,21 @@
-When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server. - The purpose of the server identification is to prevent a machine located between the browser and the webserver from intercepting the traffic in transit, pretending to be the server, and decrypting the information as it is passed along. - This type of attack is known as a Man In The Middle (MITM) attack. SSL certificates are generated by certificate authorities: companies that verify a serverâs identity and produce a certificate for a fee. + The purpose of the server identification is to prevent a machine located between the browser and the webserver from pretending to be the server and decrypting the information in transit. + This type of attack is known as a Man In The Middle (MITM) attack. SSL certificates are generated by certificate authorities: companies that verify a serverâs identity and produce a certificate for a fee. Android has a list of trusted certificate authorities, and will accept any of their certificates for any website. It isnât supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control, but in practice many governments and large corporations have been able to do so.
-The purpose of SSL certificate pinning is to tell the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other valid certificate will be rejected.
+The purpose of SSL certificate pinning is to tell the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other certificate, even if it is valid, will be rejected.
SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time. As a general rule, pinning SSL certificates probably isnât needed in the majority of cases. - But for those connecting to their own servers, or for those who suspect that powerful organizations may be targeting them directly, SSL certificate pinning can detect and thwart a MITM attack.
+ But for those who suspect that powerful organizations may be targeting them, SSL certificate pinning can detect and thwart a MITM attack.
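Review bot: In the last added line, dropping "for those connecting to their own servers" removes the use case in which pinning is most practical, not least: an operator who controls the server knows which certificate is correct and can update the pin on rotation, whereas pinning a third-party site can only tell the user that something changed. Consider keeping that clause, e.g. "But for those connecting to their own servers, or for those who suspect that powerful organizations may be targeting them, SSL certificate pinning can detect and thwart a MITM attack." Relatedly, the unchanged context sentence "SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time" implies expiry is the only legitimate reason a pinned certificate changes; certificates are also reissued before expiry (key rotation, a change of certificate authority, reissue after revocation), so a short sentence saying that a pin mismatch is expected in those cases as well would help a user tell a legitimate change from an attack. Minor: the apostrophes in "serverâs" and "isnât" render as mojibake in this view, on both the removed and the added lines; worth confirming the file is saved as UTF-8 or switching to the &rsquo; entity.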