Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Second Draft of NIST's Transport Layer Security (TLS) Guidance Now Available for Comment

NIST has released the second draft of Special Publication (SP) 800-52 Rev. 2, which provides guidance regarding TLS implementations. Public comments are due November 16, 2018.

Transport Layer Security (TLS) provides mechanisms for protecting data during electronic dissemination across the Internet. Draft NIST Special Publication (SP) 800-52 Rev.2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations, provides guidance for selecting and configuring TLS protocol implementations using NIST-recommended cryptographic algorithms and Federal Information Processing Standards (FIPS). The document requires that government TLS servers and clients support TLS 1.2 configured with FIPS-based cipher suites.

This second draft extends the deadline by which agencies are urged to support TLS 1.3 to January 1, 2024. Moreover, it clarifies that TLS 1.3 is intended to coexist with TLS 1.2 rather than replace it. An appendix has also been added to discuss key exchange using RSA key transport and includes a list of cipher suites that may be used if a transition period is needed. The extensions guidance now clarifies which versions of TLS each extension applies to and provides guidance on the raw public keys extension.

A public comment period for this document is open until November 16, 2018.

Released October 15, 2018, Updated December 20, 2018