Security News > 2021 > January > NSA Issues Guidance on Replacing Obsolete TLS Versions
The National Security Agency this week issued guidance for National Security System, Department of Defense, and Defense Industrial Base cybersecurity decision makers, system admins, and network security analysts to replace obsolete versions of the Transport Layer Security protocol.
While older versions of the security protocols, namely SSL, TLS 1.0, and TLS1.1, have been deprecated in many existing online services and applications, there still are systems that rely on these insecure protocols, thus exposing entire networks.
"NSA recommends that only TLS 1.2 or TLS 1.3 be used; and that SSL 2.0, SSL 3.0, TLS 1.0, and TLS1.1 not be used," the agency says.
In the newly released guidance, the NSA provides details on how network administrators and security analysts can identify and eliminate obsolete TLS configurations in their environments, including protocol versions, cipher suites, and key exchange methods.
The first step, the agency notes, is to detect obsolete TLS configurations still in use in US government systems, through identifying clients and servers using older TLS versions and devices using obsolete cipher suites and/or weak key exchange methods.
As remediation steps, admins should configure monitoring devices to alert and/or block weak TLS traffic.