Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Second Draft of NIST's Transport Layer Security (TLS) Guidance Now Available for Comment
October 15, 2018

Transport Layer Security (TLS) provides mechanisms for protecting data during electronic dissemination across the Internet. Draft NIST Special Publication (SP) 800-52 Rev.2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations, provides guidance for selecting and configuring TLS protocol implementations using NIST-recommended cryptographic algorithms and Federal Information Processing Standards (FIPS). The document requires that government TLS servers and clients support TLS 1.2 configured with FIPS-based cipher suites.

This second draft extends the deadline by which agencies are urged to support TLS 1.3 to January 1, 2024. Moreover, it clarifies that TLS 1.3 is intended to coexist with TLS 1.2 rather than replace it. An appendix has also been added to discuss key exchange using RSA key transport and includes a list of cipher suites that may be used if a transition period is needed. The extensions guidance now clarifies which versions of TLS each extension applies to and provides guidance on the raw public keys extension.

A public comment period for this document is open until November 16, 2018.

Related Topics

Security and Privacy: cryptography, public key infrastructure

Technologies: networks

Applications: communications & wireless

Created October 15, 2018, Updated June 22, 2020