Skip to main content

Deprecating FFDH Ciphersuites in TLS

Document Type Replaced Internet-Draft (individual)
Expired & archived
Authors Carrick Bartle , Nimrod Aviram , Filippo Valsorda
Last updated 2022-01-31 (Latest revision 2021-07-30)
Replaced by draft-ietf-tls-deprecate-obsolete-kex
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Replaced by draft-ietf-tls-deprecate-obsolete-kex
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


This document deprecates the use of finite field Diffie Hellman cipher suites and discourages the use of elliptic curve Diffie Hellman cipher suites, both of which have known vulnerabilities or improper security properties when implemented incorrectly.


Carrick Bartle
Nimrod Aviram
Filippo Valsorda

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)