0

I've looked around on this site and I've not seen a clear answer on this question.

From what I've read TLS does not provide data integrity unless specific ciphers are used which use HMAC'ing as part of the protocol. Is this correct, if so would it make sense to use specific ciphers where you need extra assurance on data integrity across systems?

What would be the benefit in using MAC/Digital Signatures in addition to TLS if TLS can provide data integrity?

user1876202
  • 159
  • 5
  • 1
    All pre-1.2 ciphersuites use HMAC in addition to the cipher (if any). Some 1.2 and all 1.3 ciphersuites use AEAD ciphers which _include_ a MAC: GCM, CCM, or ChaCha+Poly. No negotiable ciphersuite ever in TLS lacks integrity protection, so what you've read was wrong. – dave_thompson_085 Jan 18 '21 at 03:19
  • Would there be any benefit in doing an additional MAC/HMAC or Digital Signatures above and beyond what TLS does for the purposes of improving data integrity? – user1876202 Jan 18 '21 at 08:38
  • 1
    For integrity no. If you want to (be able to) prove to someone _else_ that the data came from the peer, TLS doesn't do that and signature would. (The handshake does or can authenticate the parties, but does NOT prove data origin; see https://security.stackexchange.com/questions/205074/is-it-possible-to-save-a-verifiable-log-of-a-tls-session and more linked there.) – dave_thompson_085 Jan 19 '21 at 08:01

0 Answers0