‹ Back
Transport Layer Security (TLS) 3 December 2014

NIST Revised Guide for TLS Implementations


The National Institute of Standards and Technology(NIST) has released new guidelines for the deployment of Transport Layer Security(TLS) for secure applications.

The document is entitled NIST Special Publication 800-52 Revision 1: Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.

This new document updates requirements for secure applications and United States Federal information to TLS version 1.2 as described in IETF RFC 5246. The crux of the update is this:

“[This document] requires that TLS 1.1 be configured with cipher suites using Approved schemes and algorithms as the minimum appropriate secure transport protocol1. It also recommends that agencies develop migration plans to TLS 1.2, configured using Approved schemes and algorithms, by January 1, 2015. When interoperability with non-government systems is required, TLS 1.0 may be supported.”

There’s also this gem:

[B]ecause SSL 3.0 is not approved for use in the protection of Federal information [..], TLS must be properly configured to ensure that the negotiation and use of SSL 3.0 never occurs when Federal information is to be protected.

The message from the US Federal Government could not be more clear, “SSL, you are dead to me, long live TLS!” To read more about this document visit the NIST’s page on this update.

If you would like to get started with building applications with TLS, please visit our TLS for Applications resources or see our blog articles on TLS for Applications.

‹ Back
Join the conversation with Internet Society members around the world