US NSA urged Sysadmins to Abandon Outdated Versions of TLS

HReview

New Member
Thread author
May 12, 2020

The US National Security Agency issued a security notice advising system administrators inside and outside of federal agencies to stop using legacy versions of the TLS protocol. More specifically, the NSA has recommended that you no longer use SSL 2.0, SSL 3.0, TLS 1.0 and TLS 1.1 and switch to TLS 1.2 or TLS 1.3.


"Using outdated encryption gives a false sense of security, as sensitive data appears to be protected when in reality it is not," the notice said.

The NSA has also warned of the dangers of using TLS 1.2 and TLS 1.3 with unreliable encryption options and cipher suites. Particularly weak encryption algorithms in TLS 1.2 are referred to as NULL, RC2, RC4, DES, IDEA, and TDES / 3DES, so cipher suites that use these algorithms cannot be used. TLS 1.3 no longer has these cipher suites, but implementations that support TLS 1.2 and TLS 1.3 must be checked for their presence.

The NSA has posted on its GitHub profile a list of tools that system administrators can use to identify systems on their internal networks that are still using legacy TLS configurations.

Following the NSA, a similar security notice was issued by the National Cyber Security Center of the Netherlands. It also recommended that government and private organizations migrate to TLS 1.3.

In the middle of last year, the most popular browsers dropped support for TLS 1.0 and TLS 1.1 for security reasons. According to information security company Netcraft, in March 2020, about 850 thousand sites were still using TLS 1.0 and TLS 1.1 to encrypt their HTTPS traffic.
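The check described in the post (obsolete protocol versions, plus the weak TLS 1.2 algorithms NULL, RC2, RC4, DES, IDEA and TDES/3DES) can be run over scan results as in the following added example, which is not part of the original post and is not one of the NSA's tools. The inventory format, the protocol labels and the host names are assumptions made for illustration.

```python
import re

# Protocol versions the notice says to stop using (labels are this example's own).
OBSOLETE_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

# Name token -> algorithm as listed in the notice. "3DES" is the IANA
# spelling; "CBC3" is how OpenSSL names 3DES (for example DES-CBC3-SHA).
WEAK_TOKENS = {
    "NULL": "NULL", "RC2": "RC2", "RC4": "RC4", "DES": "DES",
    "IDEA": "IDEA", "3DES": "TDES/3DES", "CBC3": "TDES/3DES",
}

def weak_algorithms(suite):
    """Return the weak algorithms named in one cipher suite (IANA or OpenSSL name)."""
    # Match whole name tokens, not substrings, so unrelated names never match.
    tokens = re.split(r"[_-]", suite.upper())
    found = {WEAK_TOKENS[t] for t in tokens if t in WEAK_TOKENS}
    if "CBC3" in tokens:
        found.discard("DES")  # OpenSSL DES-CBC3-* is 3DES, not single DES
    return sorted(found)

def audit(inventory):
    """inventory: {host: {"protocols": [...], "ciphers": [...]}} -> {host: [findings]}"""
    report = {}
    for host, cfg in inventory.items():
        findings = [f"obsolete protocol {p}" for p in cfg["protocols"]
                    if p in OBSOLETE_PROTOCOLS]
        for suite in cfg["ciphers"]:
            findings += [f"weak cipher {alg} in {suite}"
                         for alg in weak_algorithms(suite)]
        if not {"TLSv1.2", "TLSv1.3"} & set(cfg["protocols"]):
            findings.append("no TLS 1.2 or TLS 1.3 support")
        report[host] = findings
    return report

# Constructed sample scan results; hosts and offered suites are made up.
SAMPLE_INVENTORY = {
    "legacy.example.internal": {
        "protocols": ["SSLv3", "TLSv1.0"],
        "ciphers": ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]},
    "mixed.example.internal": {  # modern protocols, but a 3DES suite left enabled
        "protocols": ["TLSv1.2", "TLSv1.3"],
        "ciphers": ["TLS_AES_128_GCM_SHA256", "DES-CBC3-SHA",
                    "ECDHE-RSA-AES256-GCM-SHA384"]},
    "clean.example.internal": {
        "protocols": ["TLSv1.3"], "ciphers": ["TLS_AES_256_GCM_SHA384"]},
}

if __name__ == "__main__":
    for host, findings in audit(SAMPLE_INVENTORY).items():
        print(host, "->", findings or "OK")
```

The second sample host is the case the post calls out: TLS 1.2 and TLS 1.3 are enabled, yet a 3DES suite is still offered and gets flagged.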
 
