Factsheet TLS interception

TLS interception makes encrypted connections within an organisation's network accessible for inspection. Because this measure introduces risks of its own, its use should be considered carefully and should meet a number of important preconditions.

The reason for using TLS interception is that ever more internet services and connections use TLS encryption. TLS safeguards the integrity and confidentiality of the data transmitted and received. At the same time, it makes it more difficult for organisations to inspect internet traffic centrally in their network, both for malicious content coming in and for confidential organisational data leaving the organisation via the internet.

The NCSC recommends that organisations considering TLS interception first review their compliance with legal requirements, covering at least the processing of personal data. In addition, the usefulness and necessity of TLS interception must be assessed thoroughly in the context of the organisation's other security measures. The TLS proxy must securely establish the encrypted connections on both sides, towards the client and towards the remote server, and must be integrated with the other security measures. Finally, the TLS proxy itself must be properly secured: it holds a CA key that can issue certificates for any site and it sees all decrypted traffic, which makes it an attractive target.

Most important changes in version 1.1 (6 February 2020):

  • Reference to the final version of TLS 1.3 added
  • The definitions and requirements have been aligned with version 2.0 of the NCSC IT Security Guidelines for Transport Layer Security (TLS)
  • Minor textual adjustments