The National Security Agency (NSA) released recommendations designed to help organizations, network administrators and security analysts eliminate obsolete Transport Layer Security (TLS) protocol configurations, as network connections employing obsolete protocols are at an elevated risk of exploitation by malicious actors.
The NSA said that obsolete encryption provides “a false sense of security because it may look as though sensitive data is protected, even though it really is not” and all systems should block obsolete configurations for TLS and SSL protocols.
“NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 not be used,” the agency said.
For TLS 1.2 and TLS 1.3, the NSA says the protocols should not be configured with weak cryptographic parameters or cipher suites.
"Especially weak encryption algorithms in TLS 1.2 are designated as NULL, RC2, RC4, DES, IDEA, and TDES/3DES; cipher suites using these algorithms should not be used," the NSA warns. "TLS 1.3 removes these cipher suites, but implementations that support both TLS 1.3 and TLS 1.2 should be checked for obsolete cipher suites."
The guidance provides organizations with recommended TLS configurations and remediation steps for those who rely on obsolete configurations. Network administrators and security analysts can also learn how to detect weak configurations, as well as the necessary remediation steps:
First, identify clients offering and servers negotiating obsolete TLS versions. If a client offers, or a server negotiates, SSL 2.0, SSL 3.0, or an obsolete TLS version, no further traffic analysis is required and remediation strategies should be employed.
Next, for sessions using TLS 1.2, analysts should identify and remediate devices using obsolete cipher suites. Identify clients only offering and servers negotiating obsolete TLS cipher suites and update their configurations to be compliant. Note that for TLS 1.3, neither NIST nor CNSS identifies cipher suites that must not be used; however, CNSA-compliant configurations should be followed.
Finally, for sessions using TLS 1.2 or TLS 1.3 and recommended cipher suites, analysts should identify and remediate devices using weak key exchange methods.
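The three-step triage above, sketched in Python as an added example that is not part of the NSA guidance or the original article. The session record layout, the sample records and the 2048-bit floor for finite-field key exchange are assumptions, since the article does not say what counts as a weak key exchange.

```python
OBSOLETE_VERSIONS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}
# Algorithms the NSA quote above lists as especially weak in TLS 1.2.
WEAK_ALGS = ("NULL", "RC2", "RC4", "DES", "IDEA", "3DES")
MIN_FF_BITS = 2048  # assumption: the article gives no key-exchange threshold
FIELDS = ("offered_versions", "negotiated_version", "offered_suites", "negotiated_suite", "kx", "kx_bits")

def weak_algorithm(suite):
    """Return the weak algorithm named in an IANA cipher suite string, or None."""
    tokens = suite.split("_")  # whole-token match, not substring
    return next((a for a in WEAK_ALGS if a in tokens), None)

def triage(s):
    """Return (step, findings); step 0 means clean, otherwise the first step that fails."""
    # Step 1: any obsolete version offered or negotiated ends the analysis.
    findings = [f"client offers {v}" for v in sorted(OBSOLETE_VERSIONS & set(s["offered_versions"]))]
    if s["negotiated_version"] in OBSOLETE_VERSIONS:
        findings.append(f"server negotiated {s['negotiated_version']}")
    if findings:
        return 1, findings
    # Step 2 (TLS 1.2 only): client offering ONLY weak suites, or server choosing one.
    if s["negotiated_version"] == "TLSv1.2":
        offered = s["offered_suites"]
        if offered and all(weak_algorithm(c) for c in offered):
            findings.append("client offers only obsolete cipher suites")
        alg = weak_algorithm(s["negotiated_suite"])
        if alg:
            findings.append(f"server negotiated {alg} cipher suite")
        if findings:
            return 2, findings
    # Step 3: weak key exchange on otherwise acceptable sessions (finite-field only here).
    if s["kx"] in ("DHE", "RSA") and s["kx_bits"] < MIN_FF_BITS:
        return 3, [f"{s['kx_bits']}-bit {s['kx']} key exchange"]
    return 0, []

def rec(*values):
    """Build one constructed session record (hypothetical field layout)."""
    return dict(zip(FIELDS, values))

AES, RC4 = "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_RSA_WITH_RC4_128_SHA"
DHE_AES = "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256"
SESSIONS = [  # constructed records, not real traffic
    rec(["TLSv1.0", "TLSv1.2"], "TLSv1.2", [AES], AES, "ECDHE", 256),
    rec(["TLSv1.2"], "TLSv1.2", [RC4, AES], RC4, "RSA", 2048),
    rec(["TLSv1.2"], "TLSv1.2", [DHE_AES], DHE_AES, "DHE", 1024),
    rec(["TLSv1.2", "TLSv1.3"], "TLSv1.3", ["TLS_AES_256_GCM_SHA384"], "TLS_AES_256_GCM_SHA384", "ECDHE", 384),
]

if __name__ == "__main__":
    for s in SESSIONS: print(triage(s))
```

A client that offers RC4 alongside AES is not flagged at step 2 unless the server actually selects RC4, which matches the "clients only offering" wording of the guidance.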