Transition to TLS 1.3

27 January 2021

Recently, the Dutch National Cyber ​​Security Center (NCSC) has adjusted its security guidelines, among other things with the advice to switch to the TLS 1.3 encryption protocol. This protocol is more resistant to (future) attack techniques and is also easier to configure securely than its predecessor TLS 1.2.

Encryption protocols are used to set up a secure connection by encrypting HTTP traffic. The widely used encryption protocol TLS 1.2 has been the standard (recommended) protocol since 2018, while 1.3 was already available. According to the NCSC, by now TLS 1.3 is implemented in most current applications and software libraries, and now is a good time to encourage suppliers to support 1.3.

What exactly has changed?

The security of TLS 1.2 has now been changed from 'Good' to 'Sufficient', all older protocols (TLS 1.1 and the SSL protocols) may no longer be used. The security of a 2048 bit RSA key has also been changed from good to sufficient, at least a 3072 bit length is now rated as 'good'. You can read the new guidelines here.

What can you do?

The new guidelines are an advice for setting TLS configurations as securely as possible. As a server administrator you can set on your web server which encryption protocols you want to allow for setting up a secure connection. Via SSLLabs you can quickly check your server settings, and optimize your settings with these tips & tricks. Do you have questions about enabling or disabling TLS protocols? Please contact our support department on +3188-775 775 1 or support@xolphin.com.

point up