Date Published: October 2018
Comments Due: November 16, 2018
Email Comments to: sp80052-comments@nist.gov
Author(s)
Kerry McKay (NIST), David Cooper (NIST)
Announcement
Draft SP 800-52 Revision 2 provides guidance for selecting and configuring Transport Layer Security (TLS) protocol implementations that utilize NIST-recommended cryptographic algorithms and Federal Information Processing Standards (FIPS). This second draft extends the deadline by which agencies are urged to support TLS 1.3 to January 1, 2024. Moreover, it clarifies that TLS 1.3 is intended to coexist with TLS 1.2 rather than replace it. An appendix has also been added to discuss key exchange using RSA key transport and includes a list of cipher suites that may be used if a transition period is needed. The extensions guidance now clarifies which versions of TLS each extension applies to and provides guidance on the raw public keys extension.
Transport Layer Security (TLS) provides mechanisms to protect data during electronic dissemination across the Internet. This Special Publication provides guidance on the selection and configuration of TLS protocol implementations while making effective use of Federal Information Processing Standards (FIPS) and NIST-recommended cryptographic algorithms. It requires that TLS 1.2 configured with FIPS-based cipher suites be supported by all government TLS servers and clients and requires support of TLS 1.3 by January 1, 2024. This Special Publication also provides guidance on certificates and TLS extensions that impact security.
Keywords
information security; network security; SSL; TLS; Transport Layer Security
Control Families
System and Communications Protection