Security News > 2021 > January > NSA shares guidance, tools to mitigate weak encryption protocols
Implementing the measures in NSA's guidance eliminates the false sense of security provided by obsolete encryption protocols by helping block insecure TLS versions, cipher suites, and key exchange methods to properly encrypt network traffic.
Updating TLS configurations will provide government and enterprise organizations with stronger encryption and authentication to help them build a better defense against malicious actors' attacks and protect important information.
The tools, network signatures, and server configurations shared today by the NSA are designed to help government network owners enhance their cybersecurity posture by allowing only authorized and strong encryption protocol configurations in their orgs' environments.
Since the risks stemming from deprecated TLS protocols' weak encryption affect all networks, the guidance should be followed by all "Network owners and operators" who want to decrease their risk exposure and harden their systems against attacks using these attack vectors.
The Cybersecurity Information Sheet released today by the NSA [PDF] provides extensive information for all network administrators on deprecated TLS versions, cipher suites, and key exchange mechanisms, as well as on recommended TLS configs, detection strategy, and remediation.
Microsoft, Google, Apple, and Mozilla said in a coordinated announcement from October 2018 that they will be retiring the insecure TLS 1.0 and TLS 1.1 protocols starting with the first half of 2020.