Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

Second Draft of NIST's Transport Layer Security (TLS) Guidance Now Available for Comment
October 15, 2018

Transport Layer Security (TLS) provides mechanisms for protecting data during electronic dissemination across the Internet. Draft NIST Special Publication (SP) 800-52 Rev.2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations, provides guidance for selecting and configuring TLS protocol implementations using NIST-recommended cryptographic algorithms and Federal Information Processing Standards (FIPS). The document requires that government TLS servers and clients support TLS 1.2 configured with FIPS-based cipher suites.

This second draft extends the deadline by which agencies are urged to support TLS 1.3 to January 1, 2024. Moreover, it clarifies that TLS 1.3 is intended to coexist with TLS 1.2 rather than replace it. An appendix has also been added to discuss key exchange using RSA key transport and includes a list of cipher suites that may be used if a transition period is needed. The extensions guidance now clarifies which versions of TLS each extension applies to and provides guidance on the raw public keys extension.

A public comment period for this document is open until November 16, 2018.

Created October 15, 2018, Updated October 17, 2018