# Revision history [back]

To be able to prevent _man-in-the-middle_ attacks when using ECDHE, it is important that both end points should authenticate with each other.

Without prior authentication, leveraging the master / session key will not avoid _main-in-the-middle_ attacks.

To be able to prevent _man-in-the-middle_ man-in-the-middle attacks when using ECDHE, it is important that both end points should authenticate with each other.

Without prior authentication, leveraging the master / session key will not avoid _main-in-the-middle_ main-in-the-middle attacks.