DOI: https://doi.org/10.17487/RFC9325
Discuss this RFC: Send questions or comments to the mailing list uta@ietf.org
Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) are used to protect data exchanged over a wide range of application protocols and can also form the basis for secure transport protocols. Over the years, the industry has witnessed several serious attacks on TLS and DTLS, including attacks on the most commonly used cipher suites and their modes of operation. This document provides the latest recommendations for ensuring the security of deployed services that use TLS and DTLS. These recommendations are applicable to the majority of use cases.
RFC 7525, an earlier version of the TLS recommendations, was published when the industry was transitioning to TLS 1.2. Years later, this transition is largely complete, and TLS 1.3 is widely available. This document updates the guidance given the new environment and obsoletes RFC 7525. In addition, this document updates RFCs 5288 and 6066 in view of recent attacks.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.