
Commit 2b8ed16

namehra and kgremban authored
Update articles/iot-hub/iot-hub-tls-support.md
Co-authored-by: Kelly Gremban <[email protected]>
1 parent 5cfc9d1 commit 2b8ed16


1 file changed: +1 -1 lines changed


articles/iot-hub/iot-hub-tls-support.md

Lines changed: 1 addition & 1 deletion
@@ -130,7 +130,7 @@ After a successful TLS handshake, IoT Hub can authenticate a device using a symm
130130

131131
Mutual TLS authentication ensures that the client _authenticates_ the server certificate and the server _authenticates_ the [X.509 client certificate or X.509 Thumbprint](tutorial-x509-introduction). _Authorization_ is performed by IoT Hub after _authentication_ is complete.
132132

133-
For AMQP and MQTT protocols the server will request a client certificate in the initial TLS handshake. If one is provided, client certificate is _authenticated_ along with the client _authenticating_ the server certificate (mutual TLS _authentication_). When IoT Hub receives an MQTT connect packet or an AMQP link open, IoT Hub performs _authorization_ for the requesting client and determines if the client requires X.509 _authentication_. If mutual TLS _authentication_ was completed AND the client is _authorized_ to connect as the device, it is allowed. However, if the client requires X.509 _authentication_ and mutual TLS _authentication_ was NOT completed during the initial handshake then IoT Hub will initiate a new TLS handshake requiring client _authentication_. Once the mutual TLS _authentication_ is complete, IoT Hub will perform _authorization_ again with the now _authenticated_ client.
133+
For AMQP and MQTT protocols, the server requests a client certificate in the initial TLS handshake. If one is provided, then the server _authenticates_ the client certificate and the client _authenticates_ the server certificate. This process is called mutual TLS authentication. When IoT Hub receives an MQTT connect packet or an AMQP link opens, IoT Hub performs _authorization_ for the requesting client and determines if the client requires X.509 authentication. If mutual TLS authentication was completed and the client is authorized to connect as the device, it is allowed. However, if the client requires X.509 authentication and mutual TLS authentication was not completed during the initial handshake, then IoT Hub initiates a new TLS handshake requiring client authentication. Once the mutual TLS authentication is complete, IoT Hub performs _authorization_ again with the now _authenticated_ client.
134134

135135
For HTTP protocol, the server doesn't request a client certificate in the initial TLS handshake. Once the client makes its first request, then the server checks if the client requires X.509 authentication. If so, IoT Hub initiates a new TLS handshake requiring client authentication. Once the mutual TLS authentication is complete, IoT Hub performs _authorization_ with the _authenticated_ client.
136136
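
Review bot: In the added line 133, "When IoT Hub receives an MQTT connect packet or an AMQP link opens" no longer parses. The removed text had IoT Hub receiving "an AMQP link open", a noun phrase parallel to "an MQTT connect packet"; with the added "s" the second half becomes a clause with no "when". Suggest restoring "or an AMQP link open", or rewording to "receives an MQTT connect packet, or when an AMQP link opens". A smaller point in the same line: the first two sentences italicize _authenticates_, while "authentication" and "authorized" later in the line lost their emphasis and _authorization_ and _authenticated_ kept it. Since the paragraph exists to separate the authentication step from the authorization step, apply the emphasis to both terms consistently or drop it throughout.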
