Just Published: A New Version of the TLS Guidelines
Yaron Sheffer, Peter Saint-Andre and Thomas Fossati
There’s a new standard out, RFC 9325, with guidelines on secure use of TLS. This short post will explain some of the history behind it and why you might want to explore this document.
In early 2013, we started working on a set of guidelines for Transport Layer Security (TLS) deployments. TLS is the security protocol that underlies much of today’s internet. In fact, almost all web pages today are served over HTTPS, which means the HTTP protocol is layered on top of TLS. Many years ago, the same protocol was called Secure Socket Layer or SSL, and this is the name many people still use to refer to TLS.
Back in 2013, TLS was in crisis. It was becoming increasingly clear that the internet needed to move into a fully encrypted model, especially after the Snowden revelations in mid-2013. TLS was the obvious technology to do the job. But...