Future-proof configurations using the updated TLS guidelines
NCSC-NL publishes an update to the IT security guidelines for Transport Layer Security (TLS). The secure configuration of TLS is important to safeguard connectivity on the internet. Ask your supplier to support TLS 1.3 as part of a future-proof TLS configuration.
Transport Layer Security (TLS) is the most popular protocol to secure connections on the internet. The secure configuration of TLS is important to secure network connections. Well known examples include web traffic (https), e-mail traffic (IMAP and SMTP after STARTTLS) and certain types of virtual private networks (VPN).
The guidelines are intended to aid during procurement, set-up and review of configurations of the TLS protocol. Organisations that procure IT systems can refer to this publication when stating their requirements.
Future-proof TLS configurations using TLS 1.3
NCSC-NL has decided to downgrade the security level of TLS 1.2 from Good to Sufficient. TLS 1.3, a considerable revision of TLS based on modern insights, remains Good. NCSC-NL thus considers TLS 1.2 to be a secure, but less future proof option than TLS 1.3. Configurations that met the guidelines from 2019 (v2.0) still meet the requirements in this update (v2.1).
Ask your supplier to support TLS 1.3 as part of a future-proof TLS configuration
TLS 1.3 is now widely supported in recent versions of software libraries. The update of the TLS guidelines presents an opportunity to ask your supplier to support TLS 1.3. Spending time up front to future-proof configurations enables organisations to focus on the threats that deserve daily attention.