U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Office of Information Systems Management (OISM)

TLS 1.0 is Being Turned Off for www.nist.gov

Share

If your browser does not have TLS 1.1 or higher enabled after we disable TLS 1.0, then you will NOT be able to access NIST’s website after February 13, 2017. 

As a user of the NIST public website, we want to inform you of a change regarding supported encryption protocols. Starting in February 2017, NIST will begin disabling the TLS 1.0 encryption protocol. This action will prevent TLS 1.0 from being used to access the NIST website. 

Why is this happening? 

Sensitive data—from credit card numbers to patient health information to social networking details—need protection when transmitted across an insecure network, so administrators employ protocols that reduce the risk of that data being intercepted and used maliciously. TLS, a standard specified by the Internet Engineering Task Force, defines the method by which client and server computers establish a secure connection with one another to protect data that is passed back and forth. TLS is used by a wide variety of everyday applications, including email, secure web browsing, instant messaging and voice-over-IP (VOIP). 

The Internet Engineering Task Force found vulnerabilities in TLS 1.0, one of the most widely used protocols, and updated it to TLS 1.1 and then TLS 1.2 to resolve many of these security issues. In order to mitigate these vulnerabilities and conform to our own recommendations, NIST will disable the use of TLS 1.0 for connections to our public website. 

What action do I need to take? 

If you want to continue to access the NIST website, you need to ensure your browser(s) have TLS 1.1 and/or TLS 1.2 enabled. If your browser or integration does not have TLS 1.1 or higher enabled after we make this change, then you will NOT be able to access our website. 

You can see if your browser supports TLS 1.1 or 1.2 at this site: 

https://www.ssllabs.com/ssltest/viewMyClient.html 

View this page to Enable TLS 1.1 and 1.2 on Various browsers 

https://knowledge.geotrust.com/support/knowledge-base/index?page=content&id=INFO3299 

Created January 17, 2017, Updated March 15, 2018