NSA Recommends the Use of TLS 1.2 or TLS 1.3 as Other TLS Versions Prove Obsolete

Delicate and significant information requires solid securities inside electronic frameworks and transmissions. Ensured transmissions utilize a private, secure channel between a server and a client to communicate. Transport Layer Security (TLS) and Secure Sockets Layer 2 (SSL 2.0) were created as conventions to make these ensured channels utilize encryption and overall authentication. Older versions of these protocols are now weak and have depleted in many already existing services and applications online.

Over time, It was discovered that new methods of attacks against TLS and its known algorithms became rampant, and for this reason, the NSA has recommended that only TLS 1.2 and TLS 1.3 should be used, rendering SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 redundant. The agency’s first step was to identify obsolete configurations still in use in government systems across the USA by highlighting clients and servers using the older TLS versions and then make test runs with old cipher codes and weak key exchange methods.

Steps for remediation have also been suggested for security experts and analysts, depending on the organization, network monitoring devices can be set up to give alerts to clients or servers that bargain obsolete TLS or want to use it to block weak TLS traffic. It is also worth mentioning that TLS is dependent on the right use of certificates. The use of compromised, weak, or revoked certificates can lead to attacks even with the protocol properly implemented. The use of this guidance will ensure that cybersecurity experts and government network owners will make informed and improved decisions to reduce their risk exposure and hinder incoming malicious threats.

The agency also added that “Using obsolete encryption provides a false sense of security because it may look as though sensitive data is protected, even though it really is not”.

“This will also help organizations prepare for cryptographic agility to always stay ahead of malicious actors’ abilities and protect important information. Using obsolete encryption provides a false sense of security because it may look as though sensitive data is protected, even though it really is not,” the NSA makes mention.

Supported Protocols and Obsolete Protocols in a nutshell

• TLS 1.2 (Supported)
• TLS 1.3 (Supported)
• TLS 1.0 (Not Supported)
• TLS 1.1 (Not Supported)
• SSL v2 (Not Supported)
• SSL v3 (Not Supported)

In other similar news, the Dutch National Cyber Security Centre (NCSC) also provided an update future-proofing the TLS configurations using TLS 1.3, aimed at securing network connections.