Choosing a Reliable VPN: TLS Authentication, Connection Port, and Session Key.

MO
AutorMaxim Orlov
Atualizado: 14 de fevereiro de 2026
02 min

This is the third chapter dedicated to choosing a VPN, previously we have already discussed the choice of the number of VPN servers. Based on your tasks and expectations, you should have decided whether you need a Single VPN or a chain of VPN servers. We also reviewed protocols; I assume that most of you have settled on the OpenVPN protocol, which is a reasonable choice.

While we are currently discussing only the server side, in the future you will need to choose a program for your device that you will use to access the VPN.

But even before moving on to the choice of the program, we need to consider a number of parameters: TLS authentication, connection port, session key, encryption algorithm, key length, and data authentication.

While many are familiar with the number of servers and protocol selection, these indicators often appear daunting to non-specialists. But there is nothing complicated; I will try to explain each of them as clearly as possible.

TLS Authentication

Remember in the chapter on encryption I talked about Caesar's cipher? Let's say the Senate receives a messenger from Caesar, but how will the senators verify that this envoy is indeed from the emperor? Perhaps his cipher was intercepted by malicious actors, and they sent their own message encrypted with Caesar's key?

Imagine that the messenger knows some unique password, which, if named, will allow him to be accepted at the destination. This is roughly how TLS authentication works. The handshake packet (the "handshake" - the process of initiating interaction between the user and the VPN server) is signed with a special key known to the server. If the packet is not signed or the signature is incorrect, such a packet is ignored.

Many services claim TLS authentication as their advantage; it sounds solid, although in reality, it is more of an important necessity. It is a smokescreen for clients.

Connection Port

Let's return to Caesar again. He has sent an encrypted text to the messenger, who must deliver it to the Senate. The messenger has many paths he can take to reach the Senate. There are the most popular well-trodden roads, but if the enemy wants to intercept the message, they can block these roads. Even if the messenger is not intercepted, enemy scouts will certainly notice that Caesar is sending messengers to the Senate.

Útil?

Artigo anteriorChoosing a Protocol for VPN. Comparison of OpenVPN, PPTP, L2TP/IPsec, and IPsec IKEv2.Próximo artigoChoosing a Secure VPN: Encryption Algorithm, Key Length, and Data Authentication.

Fique por dentro

Inscreva-se para receber nossas atualizações e não perder nada.