TLS 1.0 and 1.1 are pining for the fjords


Kurt Buff

Mar 28, 2021, 2:43:08 PM
to ntsys...@googlegroups.com, patchma...@googlegroups.com, ntexc...@googlegroups.com
TLS 1.1 was hanging on, with careful selection of cipher suites, but
has now been committed for final deprecation. TLS 1.2 is also not long
for this world.

https://tools.ietf.org/html/rfc8996

Abstract
This document formally deprecates Transport Layer Security (TLS)
versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those
documents have been moved to Historic status. These versions lack
support for current and recommended cryptographic algorithms and
mechanisms, and various government and industry profiles of
applications using TLS now mandate avoiding these old TLS versions.
TLS version 1.2 became the recommended version for IETF protocols in
2008 (subsequently being obsoleted by TLS version 1.3 in 2018),
providing sufficient time to transition away from older versions.
Removing support for older versions from implementations reduces the
attack surface, reduces opportunity for misconfiguration, and
streamlines library and product maintenance.

This document also deprecates Datagram TLS (DTLS) version 1.0 (RFC
4347) but not DTLS version 1.2, and there is no DTLS version 1.1.

This document updates many RFCs that normatively refer to TLS version
1.0 or TLS version 1.1, as described herein. This document also
updates the best practices for TLS usage in RFC 7525; hence, it is
part of BCP 195.


Kurt