IT Security Guidelines for Transport Layer Security (TLS)

These guidelines are intended to aid during procurement, set-up and review of configurations of the Transport Layer Security protocol (TLS). TLS is the most popular protocol to secure connections on the Internet.

Transport Layer Security (TLS) is a protocol for the establishment and use of a cryptographically secured connection between two computer systems, a client and a server. TLS is also known by its older name, Secure Sockets Layer (SSL). TLS is applied in a large number of contexts. Well-known examples include web traffic (HTTPS), email traffic (IMAP and SMTP after STARTTLS) and certain types of virtual private networks (VPN).

These guidelines are technical in nature. They help an organisation choose between all possible configurations of TLS to arrive at a secure configuration. An administrator or supplier then applies this configuration.

This publication is also available in Dutch.

Date of last validation: May 23, 2019.