diff --git a/docs/faq.rst b/docs/faq.rst index e0051859..8c41b36f 100644 --- a/docs/faq.rst +++ b/docs/faq.rst @@ -53,9 +53,12 @@ checksums. This manifest file is used to verify the integrity of each backup. When backing up to remote servers, do I have to trust the remote server? ------------------------------------------------------------------------ -Proxmox Backup Server supports client-side encryption, meaning your data is -encrypted before it reaches the server. Thus, in the event that an attacker -gains access to the server, they will not be able to read the data. +Proxmox Backup Server transfers data via `Transport Layer Security (TLS) +`_ and additionally +supports client-side encryption. This means that data is transferred securely +and can be encrypted before it reaches the server. Thus, in the event that an +attacker gains access to the server or any point of the network, they will not +be able to read the data. .. note:: Encryption is not enabled by default. To set up encryption, see the `Encryption diff --git a/docs/introduction.rst b/docs/introduction.rst index 20c29602..8df1f691 100644 --- a/docs/introduction.rst +++ b/docs/introduction.rst @@ -14,11 +14,12 @@ It supports deduplication, compression, and authenticated encryption (AE_). Using :term:`Rust` as the implementation language guarantees high performance, low resource usage, and a safe, high-quality codebase. -Proxmox Backup uses state of the art cryptography for client communication and -backup content :ref:`encryption `. Encryption is done on the -client side, making it safer to back up data to targets that are not fully -trusted. - +Proxmox Backup uses state of the art cryptography for both client-server +communication and backup content :ref:`encryption `. All +client-server communication uses `TLS +`_, and backup data can +be encrypted on the client-side before sending, making it safer to back up data +to targets that are not fully trusted. Architecture ------------ @@ -65,8 +66,9 @@ Main Features several gigabytes of data per second. :Encryption: Backups can be encrypted on the client-side, using AES-256 in - Galois/Counter Mode (GCM_) mode. This authenticated encryption (AE_) mode - provides very high performance on modern hardware. + Galois/Counter Mode (GCM_). This authenticated encryption (AE_) mode + provides very high performance on modern hardware. In addition to client-side + encryption, all data is transferred via a secure TLS connection. :Web interface: Manage the Proxmox Backup Server with the integrated, web-based user interface.