Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations

Office of Management and Budget (OMB) Circular A-130, Managing Information as a Strategic Resource, requires managers of public-facing information repositories or dissemination systems that contain sensitive but unclassified data to ensure that sensitive data is protected commensurate with the risk and magnitude of the harm that would result from the loss, misuse, or unauthorized access to or modification of such data. Given the nature of interconnected networks and the use of the Internet to share information, the protection of this sensitive data can become difficult if proper mechanisms are not employed to protect the data. Transport Layer Security (TLS) provides such a mechanism to protect sensitive data during electronic dissemination across the Internet.

TLS is a protocol created to provide authentication, confidentiality, and data integrity protection between two communicating applications. TLS is based on a precursor protocol called the Secure Sockets Layer Version 3.0 (SSL 3.0) and is considered to be an improvement to SSL 3.0. SSL 3.0 is specified in. The Transport Layer Security version 1 (TLS 1.0) is specified in Request for Comments (RFC) 2246. Each document specifies a similar protocol that provides security services over the Internet. TLS 1.0 has been revised to version 1.1, as documented in RFC 4346, and TLS 1.1 has been further revised to version 1.2, as documented in RFC 5246. In addition, some extensions have been defined to mitigate some of the known security vulnerabilities in implementations using TLS versions 1.0, 1.1, and 1.2. TLS 1.3, described in RFC 8446, is a significant update to previous versions that includes protections against security concerns that arose in previous versions of TLS.

This Special Publication provides guidance on the selection and configuration of TLS protocol implementations while making effective use of NIST-approved cryptographic schemes and algorithms. In particular, it requires that TLS 1.2 be configured with cipher suites using NIST-approved schemes and algorithms as the minimum appropriate secure transport protocol and requires support for TLS 1.3 by January 1, 2024. When interoperability with non-government systems is required, TLS 1.1 and TLS 1.0 may be supported. This Special Publication also identifies TLS extensions for which mandatory support must be provided and also identifies other recommended extensions.

The use of the recommendations provided in this Special Publication are intended to promote:

• More consistent use of authentication, confidentiality, and integrity mechanisms for the protection of information transported across the Internet;
• Consistent use of the recommended cipher suites that encompass NIST-approved algorithms and open standards;
• Protection against known and anticipated attacks on the TLS protocol; and
• Informed decisions by system administrators and managers in the integration of TLS implementations.

While these guidelines are primarily designed for federal users and system administrators to adequately protect sensitive but unclassified U.S. Federal Government data against serious threats on the Internet, they may also be used within closed network environments to segregate data. (The client-server model and security services discussed also apply in these situations). This Special Publication supersedes NIST Special Publication 800-52 Revision 1. This Special Publication should be used in conjunction with existing policies and procedures.