U.S. federal government agencies are being told they should move to TLS 1.2 by the beginning of 2015.
The National Institute of Standards and Technology (NIST) recently released NIST Special Publication 800-52 Revision 1, which incorporates the final public comments made since SP 800-52 was withdrawn last March and a new draft was submitted late last year. NIST SP 800-52 is nine years old and had not been updated sufficiently since then to comprehensively address known vulnerabilities in the protocol and in its implementations. Revision 1 acts as an update to the NIST standard, which agencies use in the selection, configuration and use of TLS.
TLS secures sensitive data in transport by encrypting the network tunnels along which information moves. TLS 1.2 addresses a number of serious security vulnerabilities in how TLS is implemented, the NIST document said.
NIST said it hopes adoption of the guidelines will promote the use of updated, NIST-approved ciphersuites and algorithms, improve the consistency of the authentication mechanisms protecting data transport, and defend against known attacks targeting TLS.
NIST also hopes that consistent government adoption of these recommendations will trickle down and serve as an example for the private sector.
“While these guidelines are primarily designed for Federal users and system administrators to adequately protect sensitive but unclassified U.S. Federal Government data against serious threats on the Internet, they may also be used within closed network environments to segregate data,” the report said.
It seems that attacks on, and vulnerabilities in, long-trusted encryption protocols have been elevated to the summit of security concerns. Not only have a multitude of allegations made in the leaked Snowden documents cast doubt on the integrity of encryption capabilities, but massive Internet-wide bugs such as Heartbleed, the GnuTLS certificate-verification flaw and Apple's GoToFail bug have further shaken trust in the security of the Internet.
The NIST document, published last week, gives agencies guidance in purchasing and implementing TLS under the coverage of FIPS- and NIST-approved crypto algorithms. TLS 1.1 configured with a FIPS-based ciphersuite is the minimum secure transport protocol allowed, the document says.
The document describes the minimum requirements for TLS servers and clients, including protocol version support, client keys and certificates, cryptographic support, TLS extension support, client authentication and session resumption, among others.
For TLS servers and clients, NIST SP 800-52 R1 requires support for TLS 1.1, but strongly recommends 1.2 where supported.
“Servers that support government-only applications shall be configured to support TLS 1.1, and should be configured to support TLS 1.2,” the document says. “These servers shall not support TLS 1.0, SSL 2.0, or SSL 3.0.”
As for server keys and certificates, NIST provides six options: an RSA key encipherment certificate; an RSA signature certificate; an Elliptic Curve Digital Signature Algorithm (ECDSA) signature certificate; a Digital Signature Algorithm (DSA) signature certificate; a Diffie-Hellman certificate; and an ECDH certificate. Self-signed certificates are forbidden, the document says, adding that only certs issued by a CA are allowed, and only by CAs that publish certificate revocation lists (CRLs) or Online Certificate Status Protocol (OCSP) responses.
Client certs, meanwhile, must be X.509 certificates, and their public key and signature must provide at least 112 bits of security.
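The version, certificate and key-strength rules quoted above can be checked mechanically against a server's configuration. The following is an added example written for this article, not code from NIST or the SP 800-52 document; the key-size to security-strength mapping is the one from NIST SP 800-57 Part 1 (RSA/DSA/DH 2048 bits and ECC 224 to 255 bits both rate 112 bits), the 112-bit minimum quoted for client certificates is applied here to whichever certificate is examined, and the two server descriptions are constructed sample data.

```python
# Compliance check against the SP 800-52 Rev 1 rules quoted in the article.
# Added example; strength table taken from SP 800-57 Part 1, sample servers constructed.

FORBIDDEN_VERSIONS = {"SSLv2", "SSLv3", "TLSv1.0"}   # "shall not support"

# (minimum key size, security strength in bits), per SP 800-57 Part 1
_FFC_IFC_STRENGTH = ((15360, 256), (7680, 192), (3072, 128), (2048, 112), (1024, 80))
_ECC_STRENGTH = ((512, 256), (384, 192), (256, 128), (224, 112), (160, 80))


def security_strength_bits(key_type, key_bits):
    """Estimated security strength of a public key of the given type and size."""
    if key_type in ("RSA", "DSA", "DH"):
        table = _FFC_IFC_STRENGTH
    elif key_type in ("ECDSA", "ECDH"):
        table = _ECC_STRENGTH
    else:
        raise ValueError(f"unknown key type {key_type}")
    for min_size, strength in table:
        if key_bits >= min_size:
            return strength
    return 0  # below every tabulated size


def check_server(server):
    """Return a list of findings; an empty list means the server meets the quoted rules."""
    findings = []
    versions = set(server["versions"])
    for v in sorted(versions & FORBIDDEN_VERSIONS):
        findings.append(f"{v} enabled (shall not be supported)")
    if "TLSv1.1" not in versions:
        findings.append("TLSv1.1 not supported (shall be supported)")
    if "TLSv1.2" not in versions:
        findings.append("TLSv1.2 not supported (should be supported)")
    if server["self_signed"]:
        findings.append("self-signed certificate (CA-issued certificate required)")
    if not server["ca_publishes_revocation"]:
        findings.append("issuing CA publishes neither CRLs nor OCSP responses")
    strength = security_strength_bits(server["key_type"], server["key_bits"])
    if strength < 112:
        findings.append(f"{server['key_type']}-{server['key_bits']} key rates {strength} bits (< 112 required)")
    return findings


# Constructed sample configurations: one legacy server, one meeting the rules.
LEGACY = {"versions": ["SSLv3", "TLSv1.0", "TLSv1.1"], "key_type": "RSA", "key_bits": 1024,
          "self_signed": True, "ca_publishes_revocation": False}
MODERN = {"versions": ["TLSv1.1", "TLSv1.2"], "key_type": "ECDSA", "key_bits": 256,
          "self_signed": False, "ca_publishes_revocation": True}

if __name__ == "__main__":
    for name, srv in (("legacy", LEGACY), ("modern", MODERN)):
        print(name, check_server(srv) or ["compliant"])
```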