Transport Layer Security (TLS) 3 December 2014

NIST Revised Guide for TLS Implementations


The National Institute of Standards and Technology (NIST) has released new guidelines for the deployment of Transport Layer Security (TLS) for secure applications.

The document is entitled NIST Special Publication 800-52 Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.

This new document updates requirements for secure applications and United States Federal information to TLS version 1.2 as described in IETF RFC 5246. The crux of the update is this:

“[This document] requires that TLS 1.1 be configured with cipher suites using Approved schemes and algorithms as the minimum appropriate secure transport protocol. It also recommends that agencies develop migration plans to TLS 1.2, configured using Approved schemes and algorithms, by January 1, 2015. When interoperability with non-government systems is required, TLS 1.0 may be supported.”

There’s also this gem:

“[B]ecause SSL 3.0 is not approved for use in the protection of Federal information [..], TLS must be properly configured to ensure that the negotiation and use of SSL 3.0 never occurs when Federal information is to be protected.”

The message from the US Federal Government could not be clearer: “SSL, you are dead to me, long live TLS!” To read more about this document, visit NIST’s page on this update.
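An added example (not part of the original post or of NIST's document): a Python check that reads the version a server selected from a captured ServerHello record and maps it to the rule quoted above. It checks the protocol version only, not whether the cipher suite is Approved; the function names and the `non_gov_interop` flag are assumptions, and the sample records are constructed.

```python
import struct

# ServerHello.server_version wire values (TLS 1.2 is RFC 5246).
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0",
            0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def negotiated_version(record):
    """Return server_version from a raw TLS record that starts a ServerHello."""
    if len(record) < 11:
        raise ValueError("too short to hold a ServerHello")
    content_type, _record_version, record_len = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    if record_len < 6 or record_len > len(record) - 5:
        raise ValueError("bad record length")
    if record[5] != 0x02:
        raise ValueError("handshake message is not a ServerHello")
    # Skip the 3-byte handshake length; the next two bytes are the version
    # the server selected. TLS 1.3, which postdates the guideline, also puts
    # 0x0303 here and is not distinguished.
    return struct.unpack("!H", record[9:11])[0]


def check_policy(record, non_gov_interop=False):
    """Map the negotiated version to the rule quoted in the post."""
    version = negotiated_version(record)
    name = VERSIONS.get(version, "unknown 0x%04x" % version)
    if version == 0x0303:
        return name, "ok: migration target"
    if version == 0x0302:
        return name, "ok: minimum"
    if version == 0x0301 and non_gov_interop:
        return name, "ok: interoperability exception"
    return name, "violation"  # SSL 3.0, unexcused TLS 1.0, unknown values


def sample_server_hello(version):
    """Constructed input: a minimal ServerHello record for `version`."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


if __name__ == "__main__":
    for v in (0x0300, 0x0301, 0x0302, 0x0303):
        print(check_policy(sample_server_hello(v)))
```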

If you would like to get started with building applications with TLS, please visit our TLS for Applications resources or see our blog articles on TLS for Applications.
