Deprecating TLS 1.0 and TLS 1.1
RFC 8996

Document history

Date Rev. By Action
2021-03-25
12 (System) Received changes through RFC Editor sync (added Errata tag)
2021-03-23
12 (System)
Received changes through RFC Editor sync (created alias RFC 8996, changed title to 'Deprecating TLS 1.0 and TLS 1.1', changed abstract to 'This document formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those documents have been moved to Historic status. These versions lack support for current and recommended cryptographic algorithms and mechanisms, and various government and industry profiles of applications using TLS now mandate avoiding these old TLS versions. TLS version 1.2 became the recommended version for IETF protocols in 2008 (subsequently being obsoleted by TLS version 1.3 in 2018), providing sufficient time to transition away from older versions. Removing support for older versions from implementations reduces the attack surface, reduces opportunity for misconfiguration, and streamlines library and product maintenance.

This document also deprecates Datagram TLS (DTLS) version 1.0 (RFC 4347) but not DTLS version 1.2, and there is no DTLS version 1.1.

This document updates many RFCs that normatively refer to TLS version 1.0 or TLS version 1.1, as described herein. This document also updates the best practices for TLS usage in RFC 7525; hence, it is part of BCP 195.', changed pages to 18, changed standardization level to Best Current Practice, changed state to RFC, added RFC published event at 2021-03-23, changed IESG state to RFC Published, created obsoletes relation between draft-ietf-tls-oldversions-deprecate and RFC 5469, created obsoletes relation between draft-ietf-tls-oldversions-deprecate and RFC 7507, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3261, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3329, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3436, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3470, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3501, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3552, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3568, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3656, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3749, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3767, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3856, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3871, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3887, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3903, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3943, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 3983, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4097, 
created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4111, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4162, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4168, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4217, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4235, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4261, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4279, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4497, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4513, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4531, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4540, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4582, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4616, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4642, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4680, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4681, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4712, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4732, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4743, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4744, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4785, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4791, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4823, created updates relation between 
draft-ietf-tls-oldversions-deprecate and RFC 4851, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4964, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4975, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4976, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 4992, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5018, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5019, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5023, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5024, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5049, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5054, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5091, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5158, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5216, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5238, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5263, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5281, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5364, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5415, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5422, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5456, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5734, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5878, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 5953, created updates 
relation between draft-ietf-tls-oldversions-deprecate and RFC 6012, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6042, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6083, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6084, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6176, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6347, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6353, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6367, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6460, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6614, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6739, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6749, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 6750, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 7030, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 7465, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 7525, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 7562, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 7568, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 8261, created updates relation between draft-ietf-tls-oldversions-deprecate and RFC 8422)
2021-03-23
12 (System) RFC published
2021-03-16
12 (System) RFC Editor state changed to AUTH48-DONE (https://www.rfc-editor.org/auth48/rfc8996) from AUTH48
2021-03-02
12 (System) IANA Action state changed to No IANA Actions from In Progress
2021-03-02
12 (System) IANA Action state changed to In Progress from Waiting on ADs
2021-03-01
12 (System) RFC Editor state changed to AUTH48 (http://www.rfc-editor.org/auth48/rfc8996) from RFC-EDITOR
2021-02-08
12 (System) RFC Editor state changed to RFC-EDITOR from EDIT
2021-02-01
12 (System) IANA Action state changed to Waiting on ADs from In Progress
2021-01-25
12 (System) RFC Editor state changed to EDIT
2021-01-25
12 (System) IESG state changed to RFC Ed Queue from Approved-announcement sent
2021-01-25
12 (System) Announcement was received by RFC Editor
2021-01-25
12 (System) IANA Action state changed to In Progress
2021-01-25
12 Amy Vezza IESG state changed to Approved-announcement sent from Approved-announcement to be sent
2021-01-25
12 Amy Vezza IESG has approved the document
2021-01-25
12 Amy Vezza Closed "Approve" ballot
2021-01-25
12 Amy Vezza Ballot approval text was generated
2021-01-21
12 Benjamin Kaduk IESG state changed to Approved-announcement to be sent from Approved-announcement to be sent::AD Followup
2021-01-21
12 Stephen Farrell New version available: draft-ietf-tls-oldversions-deprecate-12.txt
2021-01-21
12 (System) New version approved
2021-01-21
12 (System) Request for posting confirmation emailed to previous authors: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
2021-01-21
12 Stephen Farrell Uploaded new revision
2021-01-21
11 Cindy Morgan IESG state changed to Approved-announcement to be sent::AD Followup from IESG Evaluation
2021-01-20
11 Alissa Cooper [Ballot Position Update] New position, Yes, has been recorded for Alissa Cooper
2021-01-20
11 Alvaro Retana [Ballot Position Update] New position, No Objection, has been recorded for Alvaro Retana
2021-01-20
11 Murray Kucherawy [Ballot Position Update] New position, Yes, has been recorded for Murray Kucherawy
2021-01-19
11 Roman Danyliw [Ballot comment]
Thank you for the effort to comprehensively modernize the TLS guidance.

Thank you to Adam Montville for the SECDIR review.
2021-01-19
11 Roman Danyliw [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw
2021-01-19
11 Deborah Brungard [Ballot Position Update] New position, Yes, has been recorded for Deborah Brungard
2021-01-19
11 Warren Kumari [Ballot Position Update] New position, Yes, has been recorded for Warren Kumari
2021-01-19
11 Martin Vigoureux [Ballot Position Update] New position, No Objection, has been recorded for Martin Vigoureux
2021-01-19
11 Barry Leiba
[Ballot comment]
I think this is the first time I’ve reviewed a document where the “References” section is longer than the rest of the document combined.

Just a couple of nits:

— Section 1.1 —

  Fallback to these versions are prohibited
  through this update.

Fallback “is” prohibited (not “are”).

— Section 6 —

  This documents updates [RFC7525] Section 3.1.1

“document”, singular.
2021-01-19
11 Barry Leiba [Ballot Position Update] New position, Yes, has been recorded for Barry Leiba
2021-01-19
11 Éric Vyncke
[Ballot comment]
Thank you for the work put into this document.

Special thanks to the shepherd, Sean Turner, who did a great job to describe the WG consensus. Rob Wilton's point about minimum version is also important and should be addressed in the abstract (even if the text is clearer in section 1).

Please find below some nits.

I hope that this helps to improve the document,

Regards,

-éric

-- Abstract --
"This document, if approved, formally deprecates Transport Layer" => should ", if approved," be removed now from the abstract? The RFC Editor will probably do it though.

-- Section 1 --
"deprecate these old versions." Should "these old versions" be followed by the enumeration?
2021-01-19
11 Éric Vyncke [Ballot Position Update] New position, Yes, has been recorded for Éric Vyncke
2021-01-15
11 Erik Kline [Ballot Position Update] New position, Yes, has been recorded for Erik Kline
2021-01-13
11 (System) IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed
2021-01-13
11 Martin Duke [Ballot Position Update] New position, Yes, has been recorded for Martin Duke
2021-01-12
11 Robert Wilton
[Ballot comment]
Thank you for purging the old versions of TLS.

There is one sentence in the abstract that I found surprising (if it is right).

The abstract states: "TLSv1.2 has been the
  recommended version for IETF protocols since 2008, providing
  sufficient time to transition away from older versions."

Should this be "minimum recommended version"?  Otherwise, I don't understand why the recommended version of TLS is 1.2 rather than 1.3 (given that the TLS 1.2 RFC is marked as obsolete).
2021-01-12
11 Robert Wilton Ballot comment text updated for Robert Wilton
2021-01-12
11 Robert Wilton
[Ballot comment]
Thank you for purging the old versions of TLS.

There was one sentence in the abstract that I found surprising (if it is right):

The abstract states: "TLSv1.2 has been the
  recommended version for IETF protocols since 2008, providing
  sufficient time to transition away from older versions."

Should this be "minimum recommended version"?  Otherwise, I don't understand why the recommended version of TLS is 1.2 rather than 1.3 (given that the TLS 1.2 RFC is marked as obsolete).
2021-01-12
11 Robert Wilton Ballot comment text updated for Robert Wilton
2021-01-12
11 Robert Wilton
[Ballot comment]
The abstract states: "TLSv1.2 has been the
  recommended version for IETF protocols since 2008, providing
  sufficient time to transition away from older versions."

Should this be "minimum recommended version"?  Otherwise, I don't understand why the recommended version of TLS is 1.2 rather than 1.3 (given that the TLS 1.2 RFC is marked as obsolete).
2021-01-12
11 Robert Wilton [Ballot Position Update] New position, No Objection, has been recorded for Robert Wilton
2021-01-08
11 Benjamin Kaduk
[Ballot comment]
The replacement of (e.g.) "TLS 1.0" with "TLSv1.0" affected the quote from the NIST document,
which brings in slightly more divergence from the referenced material.
2021-01-08
11 Benjamin Kaduk Ballot comment text updated for Benjamin Kaduk
2021-01-08
11 Cindy Morgan Placed on agenda for telechat - 2021-01-21
2021-01-08
11 Benjamin Kaduk Ballot has been issued
2021-01-08
11 Benjamin Kaduk [Ballot Position Update] New position, Yes, has been recorded for Benjamin Kaduk
2021-01-08
11 Benjamin Kaduk Created "Approve" ballot
2021-01-08
11 Benjamin Kaduk IESG state changed to IESG Evaluation from Waiting for Writeup
2021-01-08
11 Benjamin Kaduk Ballot writeup was changed
2020-12-29
11 Sean Turner
1. Summary

The document shepherd is Sean Turner.
The Area Director is Ben Kaduk.

This document formally deprecates Transport Layer Security (TLS)
versions 1.0 [RFC2246], TLS 1.1 [RFC4346], and DTLS 1.0 [RFC4347].
It moves these documents to the historic state.  The draft is intended
for BCP because it updates 7525 and hence should be part of BCP195.

2. Review and Consensus

Let’s be clear, just about everybody wants to deprecate these older
versions of the protocol.  The question has always been when.

When this draft was first presented at IETF 102, there was
discussion about waiting to request publication until the
TLSv1.0 and TLSv1.1 use rates drop to an “acceptable”
level.  There were others that felt that there was no need to
wait and that the IETF should do what it thinks is right with
its protocols.  The WG, obviously, settled on progressing this
draft.  Note this draft was further discussed at IETF 103 and
104 to resolve comments received.

There was also some discomfort from enterprise users who
were concerned about the time and expense needed to
transition to newer versions.  It should be noted that library
support typically continues for years beyond the publication
date of the RFC, e.g., OpenSSL released in Fall 2018 will
support TLSv1.0 and TLSv1.1 for roughly another 4 years.

The WGLC [0] did produce some fireworks.  One participant
very strongly believes that “Disabling TLSv1.0 will only result
in lots of interop failures and pain, but no improvement in
security”.  The assertion was that the use of (RSA,MD) and
(RSA,SHA-1) is allowed in TLS 1.2.  This comment resulted in
draft-lvelvindron-tls-md5-sha1-deprecate, which deprecates
the use of MD5 and SHA1 in TLS1.2.  The chairs determined
that this draft could proceed without the MD5/SHA1 deprecation
text as it is contained in another draft [1].

IETF LC also added two RFCs to the updates list and more
importantly a section was added to address operational
considerations.

[0] Link to WGLC thread:
https://mailarchive.ietf.org/arch/msg/tls/cupb-OgiSK1ulpRANAbihPHc7zI
[1] Link to chair msg:
https://mailarchive.ietf.org/arch/msg/tls/xyMXqKQUZeztD5WupvI0uBp4OLA

3. Intellectual Property

Each author has stated that their direct, personal knowledge
of any IPR related to this document has already been
disclosed, in conformance with BCPs 78 and 79.

4. Other Points

With so many updates in the header (they are there because
TLSv1.0 and TLSv1.1 were used by many protocols and the
WG wanted to do an exhaustive search on those protocols),
there are a couple of side effects:

1. BIKESHED ALERT: BIKESHED ALERT: There are a lot of
updates in the header, we really do not want these included
in the abstract.

2. DOWNREFS: There are a lot and I mean a lot of DOWNREF
warnings.  None of these DOWNREFs are to be added to the
DOWNREF registry.  If the RFC is already in the DOWNREF
registry fine, but do not add any there as a result of the IETF
LC for this document.  The DOWNREFS are to RFCs: 3568,
3656, 3871, 3943, 4097, 4111, 4531, 4540, 4732, 4743, 4744,
4823, 4851, 4964, 5024, 5054, 5091, 5158, 5281, 5422, 5469,
5878, 6042, 6367, 6739, 7562, 8465.

3. Obsolete informational references: There are a lot of these
as well.  They are all intentional.

There are no IANA considerations.
2020-12-15
11 Stephen Farrell New version available: draft-ietf-tls-oldversions-deprecate-11.txt
2020-12-15
11 (System) New version approved
2020-12-15
11 (System) Request for posting confirmation emailed to previous authors: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
2020-12-15
11 Stephen Farrell Uploaded new revision
2020-12-14
10 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed
2020-12-14
10 Stephen Farrell New version available: draft-ietf-tls-oldversions-deprecate-10.txt
2020-12-14
10 (System) New version approved
2020-12-14
10 (System) Request for posting confirmation emailed to previous authors: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
2020-12-14
10 Stephen Farrell Uploaded new revision
2020-11-30
09 Nagendra Nainar Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Nagendra Nainar. Sent review to list.
2020-11-30
09 (System) IESG state changed to Waiting for Writeup from In Last Call
2020-11-25
09 Mohit Sethi Request for Last Call review by GENART Completed: Ready. Reviewer: Mohit Sethi. Sent review to list.
2020-11-24
09 (System) IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed
2020-11-24
09 Sabrina Tanamal
(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Functions Operator has reviewed draft-ietf-tls-oldversions-deprecate-09, which is currently in Last Call, and has the following comments:

We understand that this document doesn't require any registry actions.

While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object.

If this assessment is not accurate, please respond as soon as possible.

Thank you,

Sabrina Tanamal
Senior IANA Services Specialist
2020-11-23
09 Adam Montville Request for Last Call review by SECDIR Completed: Ready. Reviewer: Adam Montville. Sent review to list.
2020-11-15
09 Gunter Van de Velde Request for Last Call review by OPSDIR is assigned to Nagendra Nainar
2020-11-12
09 Jean Mahoney Request for Last Call review by GENART is assigned to Mohit Sethi
2020-11-12
09 Tero Kivinen Request for Last Call review by SECDIR is assigned to Adam Montville
2020-11-09
09 Amy Vezza IANA Review state changed to IANA - Review Needed
2020-11-09
09 Amy Vezza
The following Last Call announcement was sent out (ends 2020-11-30):

From: The IESG <iesg-secretary@ietf.org>
To: IETF-Announce <ietf-announce@ietf.org>
CC: sean@sn3rd.com, tls@ietf.org, kaduk@mit.edu, tls-chairs@ietf.org, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, draft-ietf-tls-oldversions-deprecate@ietf.org, Sean Turner <sean@sn3rd.com>
Reply-To: last-call@ietf.org
Sender: <iesg-secretary@ietf.org>
Subject: Last Call: <draft-ietf-tls-oldversions-deprecate-09.txt> (Deprecating TLSv1.0 and TLSv1.1) to Best Current Practice


The IESG has received a request from the Transport Layer Security WG (tls) to
consider the following document: - 'Deprecating TLSv1.0 and TLSv1.1'
  <draft-ietf-tls-oldversions-deprecate-09.txt> as Best Current Practice

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2020-11-30. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the beginning
of the Subject line to allow automated sorting.

Abstract


  This document, if approved, formally deprecates Transport Layer
  Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346).
  Accordingly, those documents (will be moved|have been moved) to
  Historic status.  These versions lack support for current and
  recommended cryptographic algorithms and mechanisms, and various
  government and industry profiles of applications using TLS now
  mandate avoiding these old TLS versions.  TLSv1.2 has been the
  recommended version for IETF protocols since 2008, providing
  sufficient time to transition away from older versions.  Removing
  support for older versions from implementations reduces the attack
  surface, reduces opportunity for misconfiguration, and streamlines
  library and product maintenance.

  This document also deprecates Datagram TLS (DTLS) version 1.0
  (RFC6347), but not DTLS version 1.2, and there is no DTLS version
  1.1.

  This document updates many RFCs that normatively refer to TLSv1.0 or
  TLSv1.1 as described herein.  This document also updates the best
  practices for TLS usage in RFC 7525 and hence is part of BCP195.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-tls-oldversions-deprecate/



No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information:
    rfc5024: ODETTE File Transfer Protocol 2.0 (Informational - Independent Submission Editor stream)
    rfc5023: The Atom Publishing Protocol (Proposed Standard - IETF stream)
    rfc5019: The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments (Proposed Standard - IETF stream)
    rfc5018: Connection Establishment in the Binary Floor Control Protocol (BFCP) (Proposed Standard - IETF stream)
    rfc4992: XML Pipelining with Chunks for the Internet Registry Information Service (Proposed Standard - IETF stream)
    rfc4976: Relay Extensions for the Message Sessions Relay Protocol (MSRP) (Proposed Standard - IETF stream)
    rfc4975: The Message Session Relay Protocol (MSRP) (Proposed Standard - IETF stream)
    rfc4964: The P-Answer-State Header Extension to the Session Initiation Protocol for the Open Mobile Alliance Push to Talk over Cellular (Informational - IETF stream)
    rfc4851: The Flexible Authentication via Secure Tunneling Extensible Authentication Protocol Method (EAP-FAST) (Informational - IETF stream)
    rfc4823: FTP Transport for Secure Peer-to-Peer Business Data Interchange over the Internet (Informational - IETF stream)
    rfc4791: Calendaring Extensions to WebDAV (CalDAV) (Proposed Standard - IETF stream)
    rfc4785: Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS) (Proposed Standard - IETF stream)
    rfc4744: Using the NETCONF Protocol over the Blocks Extensible Exchange Protocol (BEEP) (Historic - IETF stream)
    rfc4743: Using NETCONF over the Simple Object Access Protocol (SOAP) (Historic - IETF stream)
    rfc4732: Internet Denial-of-Service Considerations (Informational - IAB stream)
    rfc4712: Transport Mappings for Real-time Application Quality-of-Service Monitoring (RAQMON) Protocol Data Unit (PDU) (Proposed Standard - IETF stream)
    rfc4681: TLS User Mapping Extension (Proposed Standard - IETF stream)
    rfc4680: TLS Handshake Message for Supplemental Data (Proposed Standard - IETF stream)
    rfc4642: Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP) (Proposed Standard - IETF stream)
    rfc4616: The PLAIN Simple Authentication and Security Layer (SASL) Mechanism (Proposed Standard - IETF stream)
    rfc4582: The Binary Floor Control Protocol (BFCP) (Proposed Standard - IETF stream)
    rfc4540: NEC's Simple Middlebox Configuration (SIMCO) Protocol Version 3.0 (Experimental - Independent Submission Editor stream)
    rfc4531: Lightweight Directory Access Protocol (LDAP) Turn Operation (Experimental - IETF stream)
    rfc4513: Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms (Proposed Standard - IETF stream)
    rfc3436: Transport Layer Security over Stream Control Transmission Protocol (Proposed Standard - IETF stream)
    rfc3329: Security Mechanism Agreement for the Session Initiation Protocol (SIP) (Proposed Standard - IETF stream)
    rfc3261: SIP: Session Initiation Protocol (Proposed Standard - IETF stream)
    rfc2246: The TLS Protocol Version 1.0 (Proposed Standard - IETF stream)
    rfc6749: The OAuth 2.0 Authorization Framework (Proposed Standard - IETF stream)
    rfc6739: Synchronizing Service Boundaries and <mapping> Elements Based on the Location-to-Service Translation (LoST) Protocol (Experimental - IETF stream)
    rfc6367: Addition of the Camellia Cipher Suites to Transport Layer Security (TLS) (Informational - IETF stream)
    rfc6176: Prohibiting Secure Sockets Layer (SSL) Version 2.0 (Proposed Standard - IETF stream)
    rfc6042: Transport Layer Security (TLS) Authorization Using KeyNote (Informational - Independent Submission Editor stream)
    rfc5878: Transport Layer Security (TLS) Authorization Extensions (Experimental - IETF stream)
    rfc5469: DES and IDEA Cipher Suites for Transport Layer Security (TLS) (Informational - IETF stream)
    rfc5422: Dynamic Provisioning Using Flexible Authentication via Secure Tunneling Extensible Authentication Protocol (EAP-FAST) (Informational - IETF stream)
    rfc5364: Extensible Markup Language (XML) Format Extension for Representing Copy Control Attributes in Resource Lists (Proposed Standard - IETF stream)
    rfc5281: Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) (Informational - IETF stream)
    rfc5263: Session Initiation Protocol (SIP) Extension for Partial Notification of Presence Information (Proposed Standard - IETF stream)
    rfc5238: Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP) (Proposed Standard - IETF stream)
    rfc5216: The EAP-TLS Authentication Protocol (Proposed Standard - IETF stream)
    rfc5158: 6to4 Reverse DNS Delegation Specification (Informational - IETF stream)
    rfc5091: Identity-Based Cryptography Standard (IBCS) #1: Supersingular Curve Implementations of the BF and BB1 Cryptosystems (Informational - IETF stream)
    rfc5054: Using the Secure Remote Password (SRP) Protocol for TLS Authentication (Informational - IETF stream)
    rfc5049: Applying Signaling Compression (SigComp) to the Session Initiation Protocol (SIP) (Proposed Standard - IETF stream)
    rfc3501: INTERNET MESSAGE ACCESS PROTOCOL - VERSION 4rev1 (Proposed Standard - IETF stream)
    rfc4346: The Transport Layer Security (TLS) Protocol Version 1.1 (Proposed Standard - IETF stream)
    rfc4279: Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) (Proposed Standard - IETF stream)
    rfc4261: Common Open Policy Service (COPS) Over Transport Layer Security (TLS) (Proposed Standard - IETF stream)
    rfc4235: An INVITE-Initiated Dialog Event Package for the Session Initiation Protocol (SIP) (Proposed Standard - IETF stream)
    rfc4217: Securing FTP with TLS (Proposed Standard - IETF stream)
    rfc4168: The Stream Control Transmission Protocol (SCTP) as a Transport for the Session Initiation Protocol (SIP) (Proposed Standard - IETF stream)
    rfc4162: Addition of SEED Cipher Suites to Transport Layer Security (TLS) (Proposed Standard - IETF stream)
    rfc4111: Security Framework for Provider-Provisioned Virtual Private Networks (PPVPNs) (Informational - IETF stream)
    rfc4097: Middlebox Communications (MIDCOM) Protocol Evaluation (Informational - IETF stream)
    rfc3983: Using the Internet Registry Information Service (IRIS) over the Blocks Extensible Exchange Protocol (BEEP) (Proposed Standard - IETF stream)
    rfc3943: Transport Layer Security (TLS) Protocol Compression Using Lempel-Ziv-Stac (LZS) (Informational - IETF stream)
    rfc3903: Session Initiation Protocol (SIP) Extension for Event State Publication (Proposed Standard - IETF stream)
    rfc3887: Message Tracking Query Protocol (Proposed Standard - IETF stream)
    rfc3871: Operational Security Requirements for Large Internet Service Provider (ISP) IP Network Infrastructure (Informational - IETF stream)
    rfc3856: A Presence Event Package for the Session Initiation Protocol (SIP) (Proposed Standard - IETF stream)
    rfc3767: Securely Available Credentials Protocol (Proposed Standard - IETF stream)
    rfc3749: Transport Layer Security Protocol Compression Methods (Proposed Standard - IETF stream)
    rfc3656: The Mailbox Update (MUPDATE) Distributed Mailbox Database Protocol (Experimental - Independent Submission Editor stream)
    rfc3568: Known Content Network (CN) Request-Routing Mechanisms (Informational - IETF stream)
    rfc6750: The OAuth 2.0 Authorization Framework: Bearer Token Usage (Proposed Standard - IETF stream)
    rfc7030: Enrollment over Secure Transport (Proposed Standard - IETF stream)
    rfc7465: Prohibiting RC4 Cipher Suites (Proposed Standard - IETF stream)
    rfc7507: TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks (Proposed Standard - IETF stream)
    rfc7562: Transport Layer Security (TLS) Authorization Using Digital Transmission Content Protection (DTCP) Certificates (Informational - Independent Submission Editor stream)
    rfc7568: Deprecating Secure Sockets Layer Version 3.0 (Proposed Standard - IETF stream)
    rfc8422: Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier (Proposed Standard - IETF stream)



2020-11-09
09 Amy Vezza IESG state changed to In Last Call from Last Call Requested
2020-11-09
09 Amy Vezza Last call announcement was changed
2020-11-09
09 Benjamin Kaduk Last call was requested
2020-11-09
09 Benjamin Kaduk Last call announcement was generated
2020-11-09
09 Benjamin Kaduk Ballot approval text was generated
2020-11-09
09 Benjamin Kaduk Ballot writeup was generated
2020-11-09
09 Benjamin Kaduk IESG state changed to Last Call Requested from AD Evaluation::AD Followup
2020-11-09
09 (System) Sub state has been changed to AD Followup from Revised ID Needed
2020-11-09
09 Kathleen Moriarty New version available: draft-ietf-tls-oldversions-deprecate-09.txt
2020-11-09
09 (System) Forced post of submission
2020-11-09
09 (System) New version approved
2020-11-09
09 (System) Request for posting confirmation emailed to previous authors: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
2020-11-09
09 Kathleen Moriarty Uploaded new revision
2020-11-09
08 Benjamin Kaduk IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation::AD Followup
2020-10-14
08 Stephen Farrell New version available: draft-ietf-tls-oldversions-deprecate-08.txt
2020-10-14
08 (System) New version approved
2020-10-14
08 (System) Request for posting confirmation emailed to previous authors: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>
2020-10-14
08 Stephen Farrell Uploaded new revision
2020-10-09
07 (System) Sub state has been changed to AD Followup from Revised ID Needed
2020-10-09
07 Kathleen Moriarty New version available: draft-ietf-tls-oldversions-deprecate-07.txt
2020-10-09
07 (System) New version accepted (logged-in submitter: Kathleen Moriarty)
2020-10-09
07 Kathleen Moriarty Uploaded new revision
2020-10-02
06 Sean Turner Notification list changed to Sean Turner <sean@sn3rd.com>, Kathleen  Moriarty <kathleen.moriarty.ietf@gmail.com> from Sean Turner <sean@sn3rd.com>
2020-07-27
06 Sean Turner
1. Summary

The document shepherd is Sean Turner.
The Area Director is Ben Kaduk.

This document formally deprecates Transport Layer Security (TLS)
versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves these
documents to the historic state.  The draft is intended for BCP
because it updates 7525 and hence should be part of BCP195.

2. Review and Consensus

Let’s be clear, just about everybody wants to deprecate these older
versions of the protocol.  The question has always been when.

When this draft was first presented at IETF 102, there was
discussion about waiting to request publication until the
TLSv1.0 and TLSv1.1 use rates drop to an “acceptable”
level.  There were others that felt that there was no need to
wait and that the IETF should do what it thinks is right with
its protocols.  The WG, obviously, settled on progressing this
draft.  Note this draft was further discussed at IETF 103 and
104 to resolve comments received.

There was also some discomfort from enterprise users who
were concerned about the time and expense needed to
transition to newer versions.  It should be noted that library
support typically continues for years beyond the publication
date of the RFC, e.g., OpenSSL released in Fall 2018 will
support TLSv1.0 and TLSv1.1 for roughly another 4 years.

The WGLC  [0] did produce some fireworks.  One participant
very strongly believes that “Disabling TLSv1.0 will only result
in lots of interop failures and pain, but no improvement in
security”.  The assertion was that the use of (RSA,MD) and
(RSA,SHA-1) is allowed in TLS 1.2.  This comment resulted in
draft-lvelvindron-tls-md5-sha1-deprecate, which deprecates
the use of MD5 and SHA1 in TLS1.2.  The chairs determined
that this draft could proceed without the MD5/SHA1 deprecation
text as it is contained in another draft [1].

[0] Link to WGLC thread:
https://mailarchive.ietf.org/arch/msg/tls/cupb-OgiSK1ulpRANAbihPHc7zI
[1] Link to chair msg:
https://mailarchive.ietf.org/arch/msg/tls/xyMXqKQUZeztD5WupvI0uBp4OLA

3. Intellectual Property

Each author has stated that their direct, personal knowledge
of any IPR related to this document has already been
disclosed, in conformance with BCPs 78 and 79.

4. Other Points

With so many updates in the header (they are there because
TLSv1.0 and TLSv1.1 were used by many protocols and the
WG wanted to do an exhaustive search on those protocols),
there are a couple of side effects:

1. BIKESHED ALERT: BIKESHED ALERT: There are a lot of
updates in the header, we really do not want these included
in the abstract.

2. DOWNREFS: There are a lot and I mean a lot of DOWNREF
warnings.  None of these DOWNREFs are to be added to the
DOWNREF registry.  If the RFC is already in the DOWNREF
registry fine, but do not add any there as a result of the IETF
LC for this document.  The DOWNREFS are to RFCs: 3568,
3656, 3871, 3943, 4097, 4111, 4531, 4540, 4732, , 4743, 4744,
4823, 4851, 4964, 5024, 5054, 5091, 5158, 5281, 5422, 5469,
5878, 6042, 6367, 6739, 7562, 8465.

3. Obsolete informational references: There are a lot of these
as well.  They are all intentional.

There are no IANA considerations.
2020-07-26
06 Benjamin Kaduk IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation::AD Followup
2020-01-06
06 (System) Sub state has been changed to AD Followup from Revised ID Needed
2020-01-06
06 Stephen Farrell New version available: draft-ietf-tls-oldversions-deprecate-06.txt
2020-01-06
06 (System) New version accepted (logged-in submitter: Stephen Farrell)
2020-01-06
06 Stephen Farrell Uploaded new revision
2019-11-11
05 Benjamin Kaduk IESG state changed to AD Evaluation::Revised I-D Needed from AD Evaluation
2019-11-11
05 Benjamin Kaduk IESG state changed to AD Evaluation from Publication Requested
2019-06-28
05 Sean Turner
1. Summary

The document shepherd is Sean Turner.
The Area Director is Ben Kaduk.

This document formally deprecates Transport Layer Security (TLS)
versions 1.0 [RFC2246] and 1.1 [RFC4346] and moves these
documents to the historic state.  The draft is intended for BCP
because it updates 7525 and hence should be part of BCP195.

2. Review and Consensus

Let’s be clear, just about everybody wants to deprecate these older
versions of the protocol.  The question has always been when.

When this draft was first presented at IETF 102, there was
discussion about waiting to request publication until the
TLSv1.0 and TLSv1.1 use rates drop to an “acceptable”
level.  There were others that felt that there was no need to
wait and that the IETF should do what it thinks is right with
its protocols.  The WG, obviously, settled on progressing this
draft.  Note this draft was further discussed at IETF 103 and
104 to resolve comments received.

There was also some discomfort from enterprise users who
were concerned about the time and expense needed to
transition to newer versions.  It should be noted that library
support typically continues for years beyond the publication
date of the RFC, e.g., OpenSSL released in Fall 2018 will
support TLSv1.0 and TLSv1.1 for roughly another 4 years.

The WGLC  [0] did produce some fireworks.  One participant
very strongly believes that “Disabling TLSv1.0 will only result
in lots of interop failures and pain, but no improvement in
security”.  The assertion was that the use of (RSA,MD) and
(RSA,SHA-1) is allowed in TLS 1.2.  This comment resulted in
draft-lvelvindron-tls-md5-sha1-deprecate, which deprecates
the use of MD5 and SHA1 in TLS1.2.  The chairs determined
that this draft could proceed without the MD5/SHA1 deprecation
text as it is contained in another draft [1].

[0] Link to WGLC thread:
https://mailarchive.ietf.org/arch/msg/tls/cupb-OgiSK1ulpRANAbihPHc7zI
[1] Link to chair msg:
https://mailarchive.ietf.org/arch/msg/tls/xyMXqKQUZeztD5WupvI0uBp4OLA

3. Intellectual Property

Colm <colm@allcosts.net>

Each author has stated that their direct, personal knowledge
of any IPR related to this document has already been
disclosed, in conformance with BCPs 78 and 79.

4. Other Points

With so many updates in the header (they are there because
TLSv1.0 and TLSv1.1 were used by many protocols and the
WG wanted to do an exhaustive search on those protocols),
there are a couple of side effects:

1. BIKESHED ALERT: BIKESHED ALERT: There are a lot of
updates in the header, we really do not want these included
in the abstract.

2. DOWNREFS: There are a lot and I mean a lot of DOWNREF
warnings.  None of these DOWNREFs are to be added to the
DOWNREF registry.  If the RFC is already in the DOWNREF
registry fine, but do not add any there as a result of the IETF
LC for this document.  The DOWNREFS are to RFCs: 3568,
3656, 3871, 3943, 4097, 4111, 4531, 4540, 4732, , 4743, 4744,
4823, 4851, 4964, 5024, 5054, 5091, 5158, 5281, 5422, 5469,
5878, 6042, 6367, 6739, 7562, 8465.

3. Obsolete informational references: There are a lot of these
as well.  They are all intentional.

There are no IANA considerations.
2019-06-28
05 Sean Turner Responsible AD changed to Benjamin Kaduk
2019-06-28
05 Sean Turner IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up
2019-06-28
05 Sean Turner IESG state changed to Publication Requested from I-D Exists
2019-06-28
05 Sean Turner IESG process started in state Publication Requested
2019-06-26
05 Sean Turner IETF WG state changed to WG Consensus: Waiting for Write-Up from WG Document
2019-06-20
05 Kathleen Moriarty New version available: draft-ietf-tls-oldversions-deprecate-05.txt
2019-06-20
05 (System) New version approved
2019-06-20
05 (System) Request for posting confirmation emailed to previous authors: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
2019-06-20
05 Kathleen Moriarty Uploaded new revision
2019-06-06
04 Sean Turner Notification list changed to Sean Turner <sean@sn3rd.com>
2019-06-06
04 Sean Turner Document shepherd changed to Sean Turner
2019-06-06
04 Sean Turner Changed consensus to Yes from Unknown
2019-06-06
04 Sean Turner Intended Status changed to Best Current Practice from None
2019-05-10
04 Kathleen Moriarty New version available: draft-ietf-tls-oldversions-deprecate-04.txt
2019-05-10
04 (System) New version approved
2019-05-10
04 (System) Request for posting confirmation emailed to previous authors: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
2019-05-10
04 Kathleen Moriarty Uploaded new revision
2019-03-26
03 Stephen Farrell New version available: draft-ietf-tls-oldversions-deprecate-03.txt
2019-03-26
03 (System) New version approved
2019-03-26
03 (System) Request for posting confirmation emailed to previous authors: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
2019-03-26
03 Stephen Farrell Uploaded new revision
2019-03-09
02 Stephen Farrell New version available: draft-ietf-tls-oldversions-deprecate-02.txt
2019-03-09
02 (System) New version approved
2019-03-09
02 (System) Request for posting confirmation emailed to previous authors: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
2019-03-09
02 Stephen Farrell Uploaded new revision
2018-11-07
01 Stephen Farrell New version available: draft-ietf-tls-oldversions-deprecate-01.txt
2018-11-07
01 (System) New version approved
2018-11-07
01 (System) Request for posting confirmation emailed to previous authors: Stephen Farrell <stephen.farrell@cs.tcd.ie>, Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
2018-11-07
01 Stephen Farrell Uploaded new revision
2018-10-31
00 Sean Turner Added to session: IETF-103: tls  Mon-1350
2018-09-14
00 Sean Turner This document now replaces draft-moriarty-tls-oldversions-diediedie instead of None
2018-09-14
00 Stephen Farrell New version available: draft-ietf-tls-oldversions-deprecate-00.txt
2018-09-14
00 (System) WG -00 approved
2018-09-14
00 Stephen Farrell Set submitter to "Stephen Farrell <stephen.farrell@cs.tcd.ie>", replaces to (none) and sent approval email to group chairs: tls-chairs@ietf.org
2018-09-14
00 Stephen Farrell Uploaded new revision