Skip to main content

TLS 1.3 Impact on Network-Based Security

Document Type Expired Internet-Draft (individual)
Authors Flemming Andreasen , Nancy Cam-Winget , Eric Wang
Last updated 2020-01-09 (Latest revision 2019-07-08)
Stream (None)
Intended RFC status (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Network-based security solutions are used by enterprises, public sector, and cloud service providers today in order to both complement and enhance host-based security solutions. TLS 1.3 introduces several changes to TLS 1.2 with a goal to improve the overall security and privacy provided by TLS. However some of these changes have a negative impact on network-based security solutions and deployments that adopt a multi-layered approach to security. While this may be viewed as a feature, there are several real-life use case scenarios where the same functionality and security can not be offered without such network-based security solutions. In this document, we identify the TLS 1.3 changes that may impact such use cases.


Flemming Andreasen
Nancy Cam-Winget
Eric Wang

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)