[rfc-dist] BCP 195, RFC 8996 on Deprecating TLS 1.0 and TLS 1.1

rfc-editor at rfc-editor.org
Tue Mar 23 10:50:50 PDT 2021


A new Request for Comments is now available in online RFC libraries.

        BCP 195        
        RFC 8996

        Title:      Deprecating TLS 1.0 and TLS 1.1 
        Author:     K. Moriarty,
                    S. Farrell
        Status:     Best Current Practice
        Stream:     IETF
        Date:       March 2021
        Mailbox:    Kathleen.Moriarty.ietf at gmail.com,
                    stephen.farrell at cs.tcd.ie
        Pages:      18
        Obsoletes:  RFC 5469, RFC 7507
        Updates:    RFC 3261, RFC 3329, RFC 3436, RFC 3470, RFC 3501,
                    RFC 3552, RFC 3568, RFC 3656, RFC 3749, RFC 3767, 
                    RFC 3856, RFC 3871, RFC 3887, RFC 3903, RFC 3943, 
                    RFC 3983, RFC 4097, RFC 4111, RFC 4162, RFC 4168, 
                    RFC 4217, RFC 4235, RFC 4261, RFC 4279, RFC 4497, 
                    RFC 4513, RFC 4531, RFC 4540, RFC 4582, RFC 4616, 
                    RFC 4642, RFC 4680, RFC 4681, RFC 4712, RFC 4732, 
                    RFC 4743, RFC 4744, RFC 4785, RFC 4791, RFC 4823, 
                    RFC 4851, RFC 4964, RFC 4975, RFC 4976, RFC 4992, 
                    RFC 5018, RFC 5019, RFC 5023, RFC 5024, RFC 5049, 
                    RFC 5054, RFC 5091, RFC 5158, RFC 5216, RFC 5238, 
                    RFC 5263, RFC 5281, RFC 5364, RFC 5415, RFC 5422, 
                    RFC 5456, RFC 5734, RFC 5878, RFC 5953, RFC 6012, 
                    RFC 6042, RFC 6083, RFC 6084, RFC 6176, RFC 6347, 
                    RFC 6353, RFC 6367, RFC 6460, RFC 6614, RFC 6739, 
                    RFC 6749, RFC 6750, RFC 7030, RFC 7465, RFC 7525, 
                    RFC 7562, RFC 7568, RFC 8261, RFC 8422
        See Also:   BCP 195

        I-D Tag:    draft-ietf-tls-oldversions-deprecate-12.txt

        URL:        https://www.rfc-editor.org/info/rfc8996

        DOI:        10.17487/RFC8996

This document formally deprecates Transport Layer Security (TLS)
versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those
documents have been moved to Historic status. These versions lack
support for current and recommended cryptographic algorithms and
mechanisms, and various government and industry profiles of
applications using TLS now mandate avoiding these old TLS versions.
TLS version 1.2 became the recommended version for IETF protocols in
2008 (subsequently being obsoleted by TLS version 1.3 in 2018),
providing sufficient time to transition away from older versions.
Removing support for older versions from implementations reduces the
attack surface, reduces opportunity for misconfiguration, and
streamlines library and product maintenance. 

This document also deprecates Datagram TLS (DTLS) version 1.0 (RFC
4347) but not DTLS version 1.2, and there is no DTLS version 1.1.

This document updates many RFCs that normatively refer to TLS version
1.0 or TLS version 1.1, as described herein. This document also
updates the best practices for TLS usage in RFC 7525; hence, it is
part of BCP 195.

This document is a product of the Transport Layer Security Working Group of the IETF.


BCP: This document specifies an Internet Best Current Practices for the
Internet Community, and requests discussion and suggestions for 
improvements. Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor at rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC
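
Added example, not part of the RFC Editor's announcement or of RFC 8996: a Python check that reads the version a server selected from a TLS ServerHello record and flags the versions the abstract above lists as deprecated. The function names, the sample records and the cipher suite value are constructed for illustration; DTLS uses a different record layout, so only its version values are classified, not parsed from a record.

```python
import struct

# Protocol version wire values and whether the announcement lists them as deprecated.
VERSIONS = {
    0x0301: ("TLS 1.0", True), 0x0302: ("TLS 1.1", True),
    0x0303: ("TLS 1.2", False), 0x0304: ("TLS 1.3", False),
    0xFEFF: ("DTLS 1.0", True), 0xFEFD: ("DTLS 1.2", False),  # no DTLS 1.1 exists
}

def classify(wire_version: int) -> tuple:
    """Map a wire version to (name, deprecated); unknown values are not flagged."""
    return VERSIONS.get(wire_version, (f"unknown 0x{wire_version:04x}", False))

def negotiated_version(record: bytes) -> int:
    """Return the version selected by a TLS (not DTLS) ServerHello record."""
    # 5-byte record header, then handshake type (0x02) and 3-byte length.
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x02:
        raise ValueError("not a TLS ServerHello record")
    hello = record[9:9 + int.from_bytes(record[6:9], "big")]
    if len(hello) < 38:
        raise ValueError("truncated ServerHello")
    version = struct.unpack("!H", hello[:2])[0]
    pos = 2 + 32                     # version field + random
    pos += 1 + hello[pos]            # session_id length byte + session_id
    pos += 2 + 1                     # cipher_suite + compression_method
    if pos + 2 > len(hello):
        return version               # no extensions block
    end = min(len(hello), pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0])
    pos += 2
    while pos + 4 <= end:
        ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
        # supported_versions (43) carries the real choice when TLS 1.3 is selected.
        if ext_type == 0x002B and ext_len == 2 and pos + 6 <= end:
            version = struct.unpack("!H", hello[pos + 4:pos + 6])[0]
        pos += 4 + ext_len
    return version

def make_server_hello(version: int, extensions: bytes = b"") -> bytes:
    """Build a constructed sample record: zero random, empty session id."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\xc0\x2f\x00"
    if extensions:
        hello += struct.pack("!H", len(extensions)) + extensions
    body = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", min(version, 0x0303), len(body)) + body

if __name__ == "__main__":
    tls13 = make_server_hello(0x0303, bytes.fromhex("002b00020304"))
    for rec in (make_server_hello(0x0301), make_server_hello(0x0302), tls13):
        print(classify(negotiated_version(rec)))
```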

