Deprecating TLS 1.0 and TLS 1.1

This document, if approved, formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those documents (will be moved|have been moved) to Historic status. These versions lack support for current and recommended cryptographic algorithms and mechanisms, and various government and industry profiles of applications using TLS now mandate avoiding these old TLS versions. TLSv1.2 became the recommended version for IETF protocols in 2008 (subsequently being obsoleted by TLSv1.3 in 2018), providing sufficient time to transition away from older versions. Removing support for older versions from implementations reduces the attack surface, reduces opportunity for misconfiguration, and streamlines library and product maintenance. This document also deprecates Datagram TLS (DTLS) version 1.0 (RFC 4347), but not DTLS version 1.2, and there is no DTLS version 1.1. This document updates many RFCs that normatively refer to TLSv1.0 or TLSv1.1 as described herein. This document also updates the best practices for TLS usage in RFC 7525 and hence is part of BCP 195.
