TLS 1.3 Impact on Network-Based Security

Document Type Expired Internet-Draft (individual)
Authors Flemming Andreasen, Nancy Cam-Winget, Eric Wang
Last updated 2020-01-09 (latest revision 2019-07-08)
Stream (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft can be found at


Network-based security solutions are used by enterprises, the public sector, and cloud service providers today in order to both complement and enhance host-based security solutions. TLS 1.3 introduces several changes to TLS 1.2 with the goal of improving the overall security and privacy provided by TLS. However, some of these changes have a negative impact on network-based security solutions and deployments that adopt a multi-layered approach to security. While this may be viewed as a feature, there are several real-life use case scenarios where the same functionality and security cannot be offered without such network-based security solutions. In this document, we identify the TLS 1.3 changes that may impact such use cases.


Flemming Andreasen (
Nancy Cam-Winget (
Eric Wang (

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)