Skip to main content

TLS 1.3 Impact on Network-Based Security

Document Type Expired Internet-Draft (individual)
Expired & archived
Authors Flemming Andreasen , Nancy Cam-Winget , Eric Wang
Last updated 2020-01-09 (Latest revision 2019-07-08)
RFC stream (None)
Intended RFC status (None)
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Network-based security solutions are used by enterprises, public sector, and cloud service providers today in order to both complement and enhance host-based security solutions. TLS 1.3 introduces several changes to TLS 1.2 with a goal to improve the overall security and privacy provided by TLS. However some of these changes have a negative impact on network-based security solutions and deployments that adopt a multi-layered approach to security. While this may be viewed as a feature, there are several real-life use case scenarios where the same functionality and security can not be offered without such network-based security solutions. In this document, we identify the TLS 1.3 changes that may impact such use cases.


Flemming Andreasen
Nancy Cam-Winget
Eric Wang

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)