The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete Transport Layer Security (TLS) configurations.
The information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS configurations, and provides remediation recommendations for organizations using obsolete TLS configurations.
Over time, new attacks against Transport Layer Security (TLS) and the algorithms it uses have been discovered. Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries.
Sensitive and valuable data requires strong protections within electronic systems and transmissions. TLS and Secure Sockets Layer (SSL) were developed as protocols to create private, secure channels between a server and client using encryption and authentication. While the standards and most products have been updated, implementations often have not kept up.
TLS provides confidentiality, integrity, and often authenticity protections to data while it is in transit over a network. This occurs by providing a secured channel between a server and client to communicate for a session. Over time, new versions of the TLS protocol are developed and some of the previous versions become obsolete for numerous technical reasons or vulnerabilities, and therefore should no longer be used to sufficiently protect data.
Click here to read the full NSA document.