
Addressing Visibility Challenges with TLS 1.3 within the Enterprise

Author(s)

William Newhouse

Abstract

The Transport Layer Security (TLS) protocol is widely deployed to secure network traffic. TLS 1.3 provides forward secrecy: session keys are derived from ephemeral key shares, so even if a TLS-enabled server's long-term private key is later compromised, the contents of its previously recorded TLS sessions remain protected. That same property interferes with the passive decryption techniques enterprises use to gain visibility into their TLS 1.2 traffic, in which a middlebox holding the server's private key recovers session keys from captured handshakes. Enterprises' authorized network security staff rely on that visibility to implement controls that conform to cybersecurity, operational, and regulatory requirements, leaving them to choose between staying on TLS 1.2 and adopting the more secure TLS 1.3 while finding an alternative method for internal traffic visibility. The NCCoE, in collaboration with technology providers and enterprise customers, initiated a project to demonstrate options for maintaining visibility within the TLS 1.3 protocol using several standards-compliant builds that enterprises can use for real-time and post-facto systems monitoring and analytics. This publication contains demonstrated proofs of concept along with links to detailed technical information on GitHub. You can use this guidance to implement the builds described in this document. This guide also includes links to mappings of TLS 1.3 visibility principles to commonly used security standards and guidance.
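As an added illustration, not code from SP 1800-37 or from any NCCoE build, the following Python models the abstract's central point: a passive monitor holding a server's long-term private key can recover session keys from a TLS 1.2-style static key exchange, but gets nothing from a TLS 1.3-style ephemeral exchange, because the long-term key never contributes to the session secret. The toy group (p = 2**127 - 1, g = 2), the SHA-256 stand-in for the TLS key schedule, and the function names are assumptions for the demo; real TLS uses standardized groups such as X25519 or ffdhe2048, signed key shares, and HKDF.

```python
"""Toy model of why TLS 1.3's ephemeral key exchange breaks passive decryption.

Constructed example, not code from NIST SP 1800-37: a small finite-field
Diffie-Hellman group stands in for the TLS key exchange, and SHA-256 of the
shared secret stands in for the TLS key schedule.
"""
import hashlib
import secrets

# Toy group (an assumption for illustration only): p = 2**127 - 1 is prime and
# small enough to keep the demo fast. Real TLS uses X25519, P-256, ffdhe2048, etc.
P = 2**127 - 1
G = 2


def keypair():
    """Return (private, public) in the toy DH group."""
    priv = secrets.randbelow(P - 3) + 2          # 2 <= priv <= P - 2
    return priv, pow(G, priv, P)


def session_key(shared_secret):
    """Stand-in for the TLS key schedule: derive a session key from the DH result."""
    return hashlib.sha256(shared_secret.to_bytes(16, "big")).hexdigest()


def handshake_static(server_priv, server_pub):
    """TLS 1.2-style exchange without forward secrecy: the server's long-term key
    is the key-agreement key (as with static DH, or RSA key transport).
    Returns (transcript visible on the wire, session key both endpoints derive)."""
    client_priv, client_pub = keypair()
    key = session_key(pow(server_pub, client_priv, P))
    return {"client_pub": client_pub, "server_pub": server_pub}, key


def handshake_ephemeral(server_longterm_priv):
    """TLS 1.3-style exchange: the server draws a fresh key share per session and
    discards the private half. The long-term key only signs the handshake
    (signature omitted in this toy), so it never contributes to the session key."""
    client_priv, client_pub = keypair()
    eph_priv, eph_pub = keypair()
    key = session_key(pow(client_pub, eph_priv, P))
    del eph_priv  # forward secrecy: nothing persisted can recompute the shared secret
    return {"client_pub": client_pub, "server_pub": eph_pub}, key


def monitor_derive_key(transcript, server_longterm_priv):
    """What a passive middlebox holding the server's long-term private key can do
    with a captured handshake. It succeeds only when the key share on the wire was
    generated from that key; otherwise it has nothing to work with and returns None."""
    if pow(G, server_longterm_priv, P) != transcript["server_pub"]:
        return None
    return session_key(pow(transcript["client_pub"], server_longterm_priv, P))


def demo():
    """Run both exchanges past the same passive monitor and report what it recovered."""
    server_priv, server_pub = keypair()

    transcript, key = handshake_static(server_priv, server_pub)
    static_visible = monitor_derive_key(transcript, server_priv) == key

    transcript, key = handshake_ephemeral(server_priv)
    ephemeral_visible = monitor_derive_key(transcript, server_priv) == key

    return {"static_visible": static_visible, "ephemeral_visible": ephemeral_visible}


if __name__ == "__main__":
    print(demo())  # {'static_visible': True, 'ephemeral_visible': False}
```

The monitor in this model is exactly the TLS 1.2 "passive decryption" appliance the abstract refers to: it never touches the connection, it only needs the captured handshake plus the server's private key. Under the ephemeral exchange that key is useless to it, which is why restoring visibility for TLS 1.3 requires an out-of-band key-management path rather than a stronger decryptor.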
Report Number

Special Publication (NIST SP) 1800-37

Keywords

bounded lifetime, break and inspect, ephemeral, key management, middlebox, passive decryption, passive inspection, protocol, Transport Layer Security (TLS), visibility.

Citation

Newhouse, W. (2025), Addressing Visibility Challenges with TLS 1.3 within the Enterprise, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.1800-37, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=960070 (Accessed September 19, 2025)


Created September 17, 2025