Eliminating Obsolete Transport Layer Security Protocol Configurations
NJCCIC Advisory
Original Release Date: 1/6/2021
Summary
The National Security Agency (NSA) emphatically recommends replacing obsolete protocol configurations with ones that utilize strong encryption and authentication to protect all sensitive information. Over time, new attacks against Transport Layer Security (TLS) and the algorithms it uses have been discovered. Network connections employing obsolete protocols are at an elevated risk of exploitation by adversaries.
Sensitive and valuable data requires strong protections within electronic systems and transmissions. TLS and Secure Sockets Layer (SSL) were developed as protocols to create private, secure channels between a server and client using encryption and authentication. While the standards and most products have been updated, implementations often have not kept up.
This NSA Cybersecurity Information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS configurations, and provides remediation recommendations for organizations using obsolete TLS configurations.
Reporting
We encourage recipients who discover signs of malicious cyber activity to contact us via the cyber incident report form here.
The NJCCIC is a component organization within the New Jersey Office of Homeland Security and Preparedness. We are the State's one-stop-shop for cyber threat analysis, incident reporting, and information sharing and are committed to making New Jersey more resilient to cyber threats by spreading awareness and promoting the adoption of best practices.
View our Privacy Policy here.
View our Site Index here.