X-Git-Url: https://gitweb.stoutner.com/?p=PrivacyBrowserAndroid.git;a=blobdiff_plain;f=app%2Fsrc%2Fmain%2Fassets%2Fen%2Fguide_ssl_certificate_pinning.html;h=df3271bbfab622bbdf56c419e504031989b28cf8;hp=429eb8da1db5247aa3e63427644df3835b58551f;hb=b06ccc7ee187d3921b49fd89e80cb0fb6d47e9d9;hpb=6a240a3d02f43dae2ae30962958db6927a8bab2a diff --git a/app/src/main/assets/en/guide_ssl_certificate_pinning.html b/app/src/main/assets/en/guide_ssl_certificate_pinning.html index 429eb8da..df3271bb 100644 --- a/app/src/main/assets/en/guide_ssl_certificate_pinning.html +++ b/app/src/main/assets/en/guide_ssl_certificate_pinning.html @@ -44,18 +44,18 @@
When visiting an encrypted URL (one that begins with HTTPS), the webserver uses an SSL certificate to both encrypt the information sent to the browser and to identify the server. - The purpose of the server identification is to prevent a machine located between the browser and the webserver from intercepting the traffic in transit, pretending to be the server, and decrypting the information as it is passed along. - This type of attack is known as a Man In The Middle (MITM) attack. SSL certificates are generated by certificate authorities: companies that verify a serverâs identity and produce a certificate for a fee. + The purpose of the server identification is to prevent a machine located between the browser and the webserver from pretending to be the server and decrypting the information in transit. + This type of attack is known as a Man In The Middle (MITM) attack. SSL certificates are generated by certificate authorities: companies that verify a serverâs identity and produce a certificate for a fee. Android has a list of trusted certificate authorities, and will accept any of their certificates for any website. It isnât supposed to be possible for an organization to acquire an SSL certificate for a domain they do not control, but in practice many governments and large corporations have been able to do so.
-The purpose of SSL certificate pinning is to tell the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other valid certificate will be rejected.
+The purpose of SSL certificate pinning is to tell the browser that only one specific SSL certificate is to be trusted for a particular domain. Any other certificate, even if it is valid, will be rejected.
SSL certificates expire on a specified date, so even pinned SSL certificates will legitimately need to be updated from time to time. As a general rule, pinning SSL certificates probably isnât needed in the majority of cases. - But for those connecting to their own servers, or for those who suspect that powerful organizations may be targeting them directly, SSL certificate pinning can detect and thwart a MITM attack.
+ But for those who suspect that powerful organizations may be targeting them, SSL certificate pinning can detect and thwart a MITM attack.