The National Security Agency (NSA) recommends replacing obsolete protocol configurations with ones that utilise strong encryption and authentication to protect sensitive information. Over time, new attacks against Transport Layer Security (TLS) and the algorithms it uses have been discovered. Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries.
NSA recommends that only TLS 1.2 or TLS 1.3 be used;
and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 should not be used
The main message is to make sure you review the versions of TLS currently used on your servers and update configurations to ensure that the newly discovered attacks are not applicable to your infrastructure.
The National Cyber Security Centre (NCSC) of The Netherlands issued a similar recommendation. The NCSC is working to increase the ability of Dutch society to defend itself in the digital domain.
These guidelines are intended to aid during procurement, set-up and review of configurations of the Transport Layer Security protocol (TLS). You can find the IT Security Guidelines by clicking on the following link: https://english.ncsc.nl/publications/publications/2021/january/19/it-security-guidelines-for-transport-layer-security-2.1
NSA also offers a repository that lists a number of tools, SNORT signatures, and web server configurations to help network owners detect and remediate the use of obsolete TLS: https://github.com/nsacyber/Mitigating-Obsolete-TLS
For the original NSA paper, containing extensive background information regarding this recommendation, please visit the following link: https://media.defense.gov/2021/Jan/05/2002560140/-1/-1/0/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF
Being committed to internet security, we at SSLreminder are happy to help with advice regarding updating your SSL/TLS configuration.
Feel free to reach out to us at [email protected] and we’ll get back to you as soon as possible.