assurance - [Assurance] Draft NIST TLS document SP800-52 Revision 1 is out for review/comment
- From: "Capehart,Jeffrey D" <>
- To: "" <>
- Subject: [Assurance] Draft NIST TLS document SP800-52 Revision 1 is out for review/comment
- Date: Wed, 25 Sep 2013 17:33:01 +0000
DRAFT Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations is now available.

Of special interest for those needing to comply with Approved Algorithms and Protected Channels for Silver, this section from the Executive Summary may be helpful:

This Special Publication provides guidance to the selection and configuration of TLS protocol implementations while making effective use of Approved cryptographic schemes and algorithms. In particular, it requires that TLS 1.1 be configured with cipher suites using Approved schemes and algorithms as the minimum appropriate secure transport protocol***. It also recommends that agencies develop migration plans to TLS 1.2, configured using Approved schemes and algorithms, by January 1, 2015. When interoperability with non-government systems is required, TLS 1.0 may be supported.

The question here to consider is… would a FICAM profile for InCommon Silver be considered as interoperability with a non-government system such that TLS 1.0 would be OK?

***While SSL 3.0 is the most secure of the SSL protocol versions, it is not approved for use in the protection of Federal information because it relies in part on the use of cryptographic algorithms that are not Approved. TLS versions 1.1 and 1.2 are approved for the protection of Federal information, when properly configured. TLS version 1.0 is approved only when it is required for interoperability with non-government systems and is configured according to these guidelines.

For those wondering about SHA-1 or MD5, here’s what NIST had to say:

Note that the TLS 1.1 pseudorandom function (PRF) uses MD5 and SHA-1 in parallel so that if one hash function is broken, security is not compromised. While MD5 is not an Approved algorithm, the TLS 1.1 PRF is specified as acceptable in [FIPS140Impl] and [SP800-135].

Notice that the FIPS 140 Implementation Guidance is where they say SHA-1 and MD5 are OK because… “nothing in TLS actually depends on MD5 for its security.”

1 SSL v3.1 is allowed, as it is equivalent to TLS v1.0.

2 The problem with SSL 3.0 is the key derivation process that applies to all SSL 3.0 cipher suites: half of the master key that is set up during the SSL key exchange depends entirely on the MD5 hash function. MD5 is not an approved algorithm, and its collision resistance property has been broken by Antoine Joux. TLS also uses MD5 in the key derivation process, but in a different manner, so that all of the master key depends on both MD5 and SHA-1; nothing in TLS actually depends on MD5 for its security. Therefore, TLS implementations can be validated under FIPS 140-2, while SSL 3.0 implementations cannot. TLS is version 3.1 of SSL, and most current servers and clients are capable of doing both SSL 3.0 and TLS.

Read the full document to see which cipher suites are supported and other guidance. If anyone has any comments on this draft, you have until Nov. 30th to share them with NIST.

--- NIST CSRC News -- 2013
DRAFT Special Publication 800-52 Revision 1, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations is now available
Jeff Capehart, CISA |