Update articles/iot-hub/iot-hub-tls-support.md

namehra · kgremban · web-flow · commit 5cfc9d180843 · 2023-01-10T13:46:26.000-06:00
Co-authored-by: Kelly Gremban &lt;kgremban@microsoft.com&gt;
diff --git a/articles/iot-hub/iot-hub-tls-support.md b/articles/iot-hub/iot-hub-tls-support.md
@@ -128,7 +128,7 @@ After a successful TLS handshake, IoT Hub can authenticate a device using a symm
 
 ## Mutual TLS authentication support
 
-Mutual TLS authentication ensures the client _authenticates_ the server certificate AND the server _authenticates_ the [X.509 client certificate or X.509 Thumbprint](tutorial-x509-introduction). _Authorization_ is performed by IoT Hub after _authentication_ is complete. 
+Mutual TLS authentication ensures that the client _authenticates_ the server certificate and the server _authenticates_ the [X.509 client certificate or X.509 Thumbprint](tutorial-x509-introduction). _Authorization_ is performed by IoT Hub after _authentication_ is complete. 
 
 For AMQP and MQTT protocols the server will request a client certificate in the initial TLS handshake. If one is provided, client certificate is _authenticated_ along with the client _authenticating_ the server certificate (mutual TLS _authentication_). When IoT Hub receives an MQTT connect packet or an AMQP link open, IoT Hub performs _authorization_ for the requesting client and determines if the client requires X.509 _authentication_. If mutual TLS _authentication_ was completed AND the client is _authorized_ to connect as the device, it is allowed. However, if the client requires X.509 _authentication_ and mutual TLS _authentication_ was NOT completed during the initial handshake then IoT Hub will initiate a new TLS handshake requiring client _authentication_. Once the mutual TLS _authentication_ is complete, IoT Hub will perform _authorization_ again with the now _authenticated_ client. 
 
