Security News > 2021 > January > NSA Urges SysAdmins to Replace Obsolete TLS Protocols

"Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries. As a result, all systems should avoid using obsolete configurations for TLS and SSL protocols."

The NSA's alert adds on to an existing collective push for updating TLS protocols, with some of the biggest standards bodies and regulators mandating that web server operators ensure they move to TLS 1.2 before the end of 2020.

"Network monitoring devices can be configured to alert analysts to servers and/or clients that negotiate obsolete TLS or can be used to block weak TLS traffic," according to the NSA. "The choice to alert and/or block will depend on the organization. To minimize mission impact, organizations should use a phased approach to detecting and fixing clients and servers until an acceptable number have been remediated before implementing blocking rules."

Security focused content delivery network provider Cloudflare has previously stated that "Both TLS 1.0 and TLS 1.1 are insufficient for protecting information due to known vulnerabilities. Specifically for Cloudflare customers, the primary impact of PCI is that TLS 1.0 and TLS 1.1 are insufficient to secure payment card related traffic."

Nick Sullivan, head of research at Cloudflare, told Threatpost that all Cloudflare customers get access to the latest encryption protocols, including TLS 1.2 and TLS 1.3.

"Enabling TLS 1.3 is both a performance and a security upgrade over TLS 1.2, so we highly encourage other industry players to deploy TLS 1.3 support as soon as possible," Sullivan told Threatpost.

News URL

https://threatpost.com/nsa-urges-sysadmins-to-replace-obsolete-tls-protocols/162814/