Deprecating TLSv1.0 and TLSv1.1
draft-ietf-tls-oldversions-deprecate-11
| Document | Type | Active Internet-Draft (tls WG) | |
|---|---|---|---|
| Authors | Kathleen Moriarty , Stephen Farrell | ||
| Last updated | 2021-01-13 (latest revision 2020-12-15) | ||
| Replaces | draft-moriarty-tls-oldversions-diediedie | ||
| Stream | IETF | ||
| Intended RFC status | Best Current Practice | ||
| Formats | plain text xml pdf htmlized (tools) htmlized bibtex | ||
| Reviews | |||
| Stream | WG state | Submitted to IESG for Publication | |
| Document shepherd | Sean Turner | ||
| Shepherd write-up | Show (last changed 2020-12-29) | ||
| IESG | IESG state | IESG Evaluation | |
| Consensus Boilerplate | Yes | ||
| Telechat date |
On agenda of 2021-01-21 IESG telechat
Has enough positions to pass. |
||
| Responsible AD | Benjamin Kaduk | ||
| Send notices to | Sean Turner <sean@sn3rd.com>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> | ||
| IANA | IANA review state | IANA OK - No Actions Needed | |
Internet Engineering Task Force K. Moriarty
Internet-Draft Dell EMC
Obsoletes: 5469 7507 (if approved) S. Farrell
Updates: 8422 8261 7568 7562 7525 7465 Trinity College Dublin
7030 6750 6749 6739 6460 6614 December 15, 2020
6367 6353 6347 6176 6084 6083
6042 6012 5953 5878 5734 5456
5422 5415 5364 5281 5263 5238
5216 5158 5091 5054 5049 5024
5023 5019 5018 4992 4976 4975
4964 4851 4823 4791 4785 4744
4743 4732 4712 4681 4680 4642
4616 4582 4540 4531 4513 4497
4279 4261 4235 4217 4168 4162
4111 4097 3983 3943 3903 3887
3871 3856 3767 3749 3656 3568
3552 3501 3470 3436 3329 3261
(if approved)
Intended status: Best Current Practice
Expires: June 18, 2021
Deprecating TLSv1.0 and TLSv1.1
draft-ietf-tls-oldversions-deprecate-11
Abstract
This document, if approved, formally deprecates Transport Layer
Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346).
Accordingly, those documents (will be moved|have been moved) to
Historic status. These versions lack support for current and
recommended cryptographic algorithms and mechanisms, and various
government and industry profiles of applications using TLS now
mandate avoiding these old TLS versions. TLSv1.2 has been the
recommended version for IETF protocols since 2008, providing
sufficient time to transition away from older versions. Removing
support for older versions from implementations reduces the attack
surface, reduces opportunity for misconfiguration, and streamlines
library and product maintenance.
This document also deprecates Datagram TLS (DTLS) version 1.0
(RFC4347), but not DTLS version 1.2, and there is no DTLS version
1.1.
This document updates many RFCs that normatively refer to TLSv1.0 or
TLSv1.1 as described herein. This document also updates the best
practices for TLS usage in RFC 7525 and hence is part of BCP195.
Moriarty & Farrell Expires June 18, 2021 [Page 1]
Internet-Draft Deprecating TLSv1.0 and TLSv1.1 December 2020
Status of This Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
This Internet-Draft will expire on June 18, 2021.
Copyright Notice
Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Table of Contents
1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 3
1.1. RFCs Updated . . . . . . . . . . . . . . . . . . . . . . 3
1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 5
2. Support for Deprecation . . . . . . . . . . . . . . . . . . . 5
3. SHA-1 Usage Problematic in TLSv1.0 and TLSv1.1 . . . . . . . 6
4. Do Not Use TLSv1.0 . . . . . . . . . . . . . . . . . . . . . 6
5. Do Not Use TLSv1.1 . . . . . . . . . . . . . . . . . . . . . 7
6. Updates to RFC7525 . . . . . . . . . . . . . . . . . . . . . 8
7. Operational Considerations . . . . . . . . . . . . . . . . . 8
8. Security Considerations . . . . . . . . . . . . . . . . . . . 9
9. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 9
10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9
11. References . . . . . . . . . . . . . . . . . . . . . . . . . 9
11.1. Normative References . . . . . . . . . . . . . . . . . . 9
Moriarty & Farrell Expires June 18, 2021 [Page 2]
Internet-Draft Deprecating TLSv1.0 and TLSv1.1 December 2020
11.2. Informative References . . . . . . . . . . . . . . . . . 18
Show full document text