IT Security Guidelines for Transport Layer Security (TLS)

These guidelines are intended to aid during procurement, set-up and review of configurations of the Transport Layer Security protocol (TLS). TLS is the most popular protocol to secure connections on the Internet.

TLS is also known by its older name, Secure Sockets Layer (SSL). TLS is applied in a large number of contexts. Well-known examples include web traffic (https), email traffic (IMAP and SMTP after STARTTLS) and certain types of virtual private networks (VPN).

Future-proof TLS configurations using TLS 1.3

NCSC-NL has decided to downgrade the security level of TLS 1.2 from Good to Sufficient. TLS 1.3, a considerable revision of TLS based on modern insights, remains Good. TLS 1.2 is less robust than TLS 1.3 with respect to evolving attack techniques.

There are two reasons. First, various elements of TLS 1.2 were not re-used in TLS 1.3 because they were found to be weak. Second, TLS 1.3 contains fewer fragile configuration options than TLS 1.2. This makes TLS 1.3 simpler to configure safely. These differences make several attack classes that work against TLS 1.2 no longer applicable to TLS 1.3.

Headline changes in version 2.1

  1. The security level of TLS 1.2 is downgraded from Good to Sufficient.
    (guideline B1-1)
  2. The requirements for the ordering of algorithm selections have been simplified. Only the security level now determines the prescribed ordering.
    Do you use only Good algorithm selections? Then the server is no longer required to enforce its own ordering.
    (guideline B2-5)
  3. Supporting Client-initiated renegotiation is no longer Insufficient, but Sufficient.
    (guideline B8-1)