AppDefects
Community Champion

NSA Releases Guidance on Eliminating Obsolete TLS

The National Security Agency (NSA) has released a Cybersecurity Information (CSI) sheet on eliminating obsolete Transport Layer Security (TLS) configurations. Although the guidance is not exactly new, the information sheet identifies strategies to detect obsolete cipher suites and key exchange mechanisms, discusses recommended TLS configurations, and provides remediation recommendations for organizations using obsolete TLS configurations. What I do like about the guidance is that they offer advice on traffic blocking.

1 Reply
ITProJeff
Newcomer II

Re: NSA Releases Guidance on Eliminating Obsolete TLS

I saw this today as it popped up on the Reddit sysadmin forum. I'll agree that it's one of the better government documents I've seen on the topic. It's more straightforward about what you should do and lacks the cover pages and other language not needed to mitigate; much more straightforward. Also appreciate the list of many scanners on the GitHub link. There were a few in there I hadn't used, and I like the results page more than the ones I had been using.

 

For those not familiar, the best way to implement, in Windows IIS servers at least, is to utilize the IIS Crypto utility. That will save you from modifying multiple registry keys and makes backing up the original keys easy.
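
The registry keys mentioned in the reply above can also be inspected directly. The following is an added example, not part of the original posts and not IIS Crypto's own code: a read-only PowerShell audit of the SCHANNEL server-side protocol keys that first exports the current settings as a backup. The backup path and the function name are assumptions, and the obsolete list (SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1) follows the NSA guidance.

```powershell
# Added example: back up and audit SCHANNEL protocol settings (read-only apart from the backup file).
$regPath  = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'
$base     = "HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols"
$obsolete = 'SSL 2.0', 'SSL 3.0', 'TLS 1.0', 'TLS 1.1'   # obsolete per the NSA guidance
$current  = 'TLS 1.2', 'TLS 1.3'

# 1. Back up the whole SCHANNEL subtree before anyone changes it.
#    The backup location is an assumption; pick a path covered by your own backups.
$backup = Join-Path $env:TEMP ("schannel-backup-{0:yyyyMMdd-HHmmss}.reg" -f (Get-Date))
& reg.exe export $regPath $backup /y | Out-Null
Write-Host "SCHANNEL keys exported to $backup"

# 2. Report the server-side state of each protocol version.
#    Get-SchannelProtocolState is a hypothetical helper name used only in this example.
function Get-SchannelProtocolState {
    param([string[]]$Protocol)
    foreach ($p in $Protocol) {
        $key   = Join-Path $base "$p\Server"
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        # A missing key or value means the OS default applies, which differs
        # between Windows versions, so it is reported separately for review.
        $state = if ($null -eq $props -or $null -eq $props.Enabled) { 'OS default (not set)' }
                 elseif ($props.Enabled -eq 0)                       { 'Disabled' }
                 else                                                { 'Enabled' }
        [pscustomobject]@{
            Protocol          = $p
            State             = $state
            DisabledByDefault = $props.DisabledByDefault
            Obsolete          = $p -in $obsolete
        }
    }
}

$report = Get-SchannelProtocolState -Protocol ($obsolete + $current)
$report | Format-Table -AutoSize

# 3. Flag obsolete versions that are not explicitly disabled.
$findings = $report | Where-Object { $_.Obsolete -and $_.State -ne 'Disabled' }
if ($findings) {
    Write-Warning ("Obsolete protocols not explicitly disabled: " +
                   (($findings | ForEach-Object { "$($_.Protocol) [$($_.State)]" }) -join ', '))
} else {
    Write-Host 'All obsolete protocol versions are explicitly disabled for the server role.'
}
```

The script only covers the `Server` subkeys that IIS uses; the matching `Client` subkeys govern outbound connections and are checked the same way.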