March 25th, 2013, 02:19 PM
HTTPS and "Authenticated Encryption"
I am not sure whether this question makes even sense, but here it is: Does the standard HTTPS communication provide "authenticated encryption" (AE) ? I am talking about simply using some library like HttpClient and establishing a connection with some peer endpoint via HTTPS. Or even about the case of standard internet browseres... When I go to a HTTPS-type of a URL and - say - POST some data, is the data communicated via a crypto providing AE?
March 26th, 2013, 10:24 PM
To partially answer my own question, the "authenticated encryption" support was built into TLS 1.2 - see "Transport_Layer_Security#TLS_1.2" in wikipedia.
This still doesn't really answer the question whether TLS 1.2 is used when I connect to some HTTPS site via - say - Firefox...