The National Institute of Standards and Technology (NIST) has updated their guidelines for the selection, configuration, and use of Transport Layer Security (TLS), originally document SP 800-52 which was first released in 2005.
One of the most important changes in SP 800-52 Rev. 1 are the recommendations that government servers and clients move to TLS 1.1 and 1.2, and adopt cipher suites with NIST approved algorithms to support 112-bit security strength and higher.
TLS is a standard developed by the Internet Engineering Task Force which specifies the way that clients and servers establish secure connections in to protect data that is exchanged, and is used by an array of common applications like email, web browsers, instant messaging and voice-over-IP (VOIP) services.
The Internet Engineering Task Force discovered there are certain vulnerabilities in TLS 1.0, which is one of the most widely used protocols, and subsequently released TLS 1.1 and TLS 1.2 to resolve many of the security issues identified.
“TLS 1.1 and 1.2 offer administrators a great number of options,” said NIST’s Andrew Regenscheid. “We make recommendations in SP 800-52 Rev. 1 on how to configure those options, including which algorithms to use and the length of cryptographic keys.”
The updated version can be downloaded at www.nist.gov/manuscript-publication-search.cfm?pub_id=915295.