Overview

Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) are widely used to protect data exchanged over application protocols such as HTTP, SMTP, IMAP, POP, SIP, and XMPP. Over the last few years, several serious attacks on TLS have emerged, including attacks on its most commonly used cipher suites and their modes of operation. RFC 7525, "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)", provides recommendations for improving the security of deployed services that use TLS and DTLS. The recommendations are applicable to the majority of use cases.
Protocol versions

It is important both to stop using old, less secure versions of SSL/TLS and to start using modern, more secure versions. RFC 7525 therefore makes the following recommendations concerning SSL/TLS protocol versions:

Implementations MUST NOT negotiate SSLv2. Rationale: SSLv2 is considered insecure, and RFC 6176 prohibits its use.

Implementations MUST NOT negotiate SSLv3. Rationale: SSLv3 (RFC 6101) was an improvement over SSLv2 and plugged some significant security holes but did not support strong cipher suites. SSLv3 also does not support TLS extensions, some of which (e.g., renegotiation_info, RFC 5746) are security-critical.

Implementations SHOULD NOT negotiate TLS 1.0; the only exception is when no higher version is available in the negotiation. Rationale: TLS 1.0 (published in 1999) does not support many modern, strong cipher suites. In addition, TLS 1.0 lacks a per-record Initialization Vector (IV) for CBC-based cipher suites and does not warn against common padding errors.

Implementations SHOULD NOT negotiate TLS 1.1; the same exception applies. Rationale: TLS 1.1 (published in 2006) is a security improvement over TLS 1.0 but still does not support certain stronger cipher suites.

Implementations MUST support TLS 1.2 and MUST prefer to negotiate TLS 1.2 over earlier versions of TLS. Rationale: Several stronger cipher suites are available only with TLS 1.2 (published in 2008). In fact, the cipher suites recommended by RFC 7525 (its Section 4.2) are only available in TLS 1.2.

Note that RFC 7525 predates TLS 1.3 (RFC 8446). RFC 8996 has since deprecated TLS 1.0 and 1.1 outright, and RFC 9325, which obsoletes RFC 7525, raises the above to MUST NOT negotiate TLS 1.0 or 1.1 and recommends supporting and preferring TLS 1.3. A new deployment should treat TLS 1.2 as the floor, not as a target.
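As an added example (not text or code from RFC 7525 or from this page), the following Python expresses the version rules above in two forms: a pure server-side version-selection policy over TLS wire version numbers, and an `ssl.SSLContext` built so that it cannot negotiate anything below TLS 1.2, with an audit helper for checking an existing context. The constant names, function names, and the `allow_legacy_fallback` switch are this example's own assumptions; the wire version numbers are the standard ProtocolVersion values.

```python
"""Added example: RFC 7525 section 3.1.1 protocol-version rules in code.
Not part of RFC 7525 or of the page that summarises it."""
import ssl

# ProtocolVersion values as they appear on the wire (example's own names).
SSLV2 = 0x0002  # RFC 6176: MUST NOT negotiate
SSLV3 = 0x0300  # RFC 6101: MUST NOT negotiate
TLS10 = 0x0301  # SHOULD NOT negotiate, unless nothing higher is offered
TLS11 = 0x0302  # SHOULD NOT negotiate, unless nothing higher is offered
TLS12 = 0x0303  # MUST support, MUST prefer over earlier versions
TLS13 = 0x0304  # newer than RFC 7525; preferred when both sides support it

FORBIDDEN = {SSLV2, SSLV3}
DISCOURAGED = {TLS10, TLS11}
PREFERRED = {TLS12, TLS13}


def negotiate_version(client_offered, allow_legacy_fallback=False):
    """Server-side version selection following RFC 7525 section 3.1.1.

    client_offered: the versions a client advertises (client_version, or the
    supported_versions extension).  Returns the chosen wire version, or None
    when the handshake must be refused.  allow_legacy_fallback models the
    RFC's "only when no higher version is available" exception; a hardened
    server leaves it False.
    """
    offered = set(client_offered) - FORBIDDEN  # SSLv2/SSLv3 are never an option
    modern = offered & PREFERRED
    if modern:
        return max(modern)  # highest of TLS 1.2 / TLS 1.3
    legacy = offered & DISCOURAGED
    if legacy and allow_legacy_fallback:
        return max(legacy)  # TLS 1.1 over TLS 1.0, and only as a last resort
    return None


def make_rfc7525_context(purpose=ssl.Purpose.SERVER_AUTH):
    """Build an SSLContext that cannot negotiate anything below TLS 1.2."""
    ctx = ssl.create_default_context(purpose)
    # Covers MUST NOT SSLv2/SSLv3 and SHOULD NOT TLS 1.0/1.1 in one setting.
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # RFC 7525 section 3.3 also requires TLS-level compression to be disabled.
    ctx.options |= ssl.OP_NO_COMPRESSION
    return ctx


def audit_context(ctx):
    """Return a list of findings; an empty list means the context complies."""
    findings = []
    # TLSVersion is an IntEnum, so MINIMUM_SUPPORTED (-2) also trips this check.
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version %r allows TLS below 1.2" % ctx.minimum_version)
    if not ctx.options & ssl.OP_NO_COMPRESSION:
        findings.append("TLS compression is not disabled")
    return findings


if __name__ == "__main__":
    # Constructed ClientHello offers, not captured traffic.
    for offer in ([SSLV3, TLS10], [TLS10, TLS12], [TLS11, TLS12, TLS13]):
        print([hex(v) for v in offer], "->", negotiate_version(offer))
    print("hardened context findings:", audit_context(make_rfc7525_context()))
```

`negotiate_version` is the policy a server applies; in a real stack the same decision is made by OpenSSL once `minimum_version` is set, which is why `make_rfc7525_context` needs no version list of its own. `audit_context` is the check to run against contexts created elsewhere in a code base, where someone may have lowered `minimum_version` to accommodate an old client.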