If your browser does not have TLS 1.1 or higher enabled after we disable TLS 1.0, then you will NOT be able to access NIST’s website after February 13, 2017.
As a user of the NIST public website, we want to inform you of a change regarding supported encryption protocols. Starting in February 2017, NIST will begin disabling the TLS 1.0 encryption protocol. This action will prevent TLS 1.0 from being used to access the NIST website.
Why is this happening?
Sensitive data—from credit card numbers to patient health information to social networking details—need protection when transmitted across an insecure network, so administrators employ protocols that reduce the risk of that data being intercepted and used maliciously. TLS, a standard specified by the Internet Engineering Task Force, defines the method by which client and server computers establish a secure connection with one another to protect data that is passed back and forth. TLS is used by a wide variety of everyday applications, including email, secure web browsing, instant messaging and voice-over-IP (VOIP).
The Internet Engineering Task Force found vulnerabilities in TLS 1.0, one of the most widely used protocols, and updated it to TLS 1.1 and then TLS 1.2 to resolve many of these security issues. In order to mitigate these vulnerabilities and conform to our own recommendations, NIST will disable the use of TLS 1.0 for connections to our public website.
What action do I need to take?
If you want to continue to access the NIST website, you need to ensure your browser(s) have TLS 1.1 and/or TLS 1.2 enabled. If your browser or integration does not have TLS 1.1 or higher enabled after we make this change, then you will NOT be able to access our website.
You can see if your browser supports TLS 1.1 or 1.2 at this site:
View this page to Enable TLS 1.1 and 1.2 on Various browsers