OLD
This document describes the use of a static elliptic-curve Diffie-
Hellman (ECDHE) private key by servers for use in TLS 1.3 sessions
internal to an enterprise network. In Figure 1, the Web Servers use
a static ECDHE key pair with the standard TLS 1.3 handshake for
connections from the Load Balancer, and the Back-End Services use
static ECDHE for connections from the Web Servers. The Load Balancer
uses ephemeral (EC)DHE key pairs with the standard TLS 1.3 handshake
for connections from external Browsers over the Internet, to provide
Forward Secrecy on those connections that are exposed to third-party
monitoring.
NEW
This document describes the use of a static (elliptic-curve) Diffie-
Hellman (static (EC)DHE) private key by servers for use in TLS 1.3 sessions
internal to an enterprise network where network monitoring is required. In Figure 1, the Web Servers use
a static (EC)DHE key pair with the standard TLS 1.3 handshake for
connections from the Load Balancer, and the Back-End Services use
static (EC)DHE for connections from the Web Servers. The Load Balancer
uses ephemeral (EC)DHE key pairs with the standard TLS 1.3 handshake
for connections from external Browsers over the Internet, to provide
Forward Secrecy on those connections that are exposed to third-party
monitoring.