The initial key exchange of the TLS protocol performs authentication of the peers. In typical scenarios the server is authenticated to the client, and optionally the client to the server.
While many associate TLS with X.509 certificates and public key authentication, the protocol supports various authentication methods, including pre-shared keys and passwords. This chapter describes the existing authentication methods and gives some guidance on the use cases each method is suited to.
• Certificate authentication
• More on certificate authentication
• Shared-key and anonymous authentication
• Selecting an appropriate authentication method