{"id":2506,"date":"2018-10-15T16:34:31","date_gmt":"2018-10-15T16:34:31","guid":{"rendered":"http:\/\/www.mtin.net\/blog\/?p=2506"},"modified":"2018-10-15T16:34:31","modified_gmt":"2018-10-15T16:34:31","slug":"nist-releases-second-draft-of-guidelines-for-the-selection-configuration-and-use-of-transport-layer-security-tls-implementations","status":"publish","type":"post","link":"http:\/\/www.mtin.net\/blog\/nist-releases-second-draft-of-guidelines-for-the-selection-configuration-and-use-of-transport-layer-security-tls-implementations\/","title":{"rendered":"NIST releases second draft of &#8220;Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations.&#8221;"},"content":{"rendered":"<p>From an e-mail the <a href=\"https:\/\/nist.gov\">folks at <\/a>nist sent out.<\/p>\n<p>NIST has released a second draft of NIST Special Publication (SP) 800-52 Revision 2,<em>Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations<\/em>. It provides guidance for selecting and configuring TLS protocol implementations that utilize NIST-recommended cryptographic algorithms and Federal Information Processing Standards (FIPS). The document requires that government TLS servers and clients support TLS 1.2 configured with FIPS-based cipher suites, and recommends that agencies develop migration plans to support TLS 1.3 by January 1, 2024.<\/p>\n<p><strong>A public comment period<\/strong> for this document <strong>is open until November 16, 2018.<\/strong><\/p>\n<p>CSRC Update:<br \/>\n<a href=\"http:\/\/links.govdelivery.com\/track?type=click&amp;enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTgxMDE1Ljk2MjMwNzgxJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE4MTAxNS45NjIzMDc4MSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE3Mzg5ODM1JmVtYWlsaWQ9ajJzd0BtdGluLm5ldCZ1c2VyaWQ9ajJzd0BtdGluLm5ldCZmbD0mZXh0cmE9TXVsdGl2YXJpYXRlSWQ9JiYm&amp;&amp;&amp;100&amp;&amp;&amp;https:\/\/csrc.nist.gov\/news\/2018\/second-draft-of-TLS-guidance-now-available\">https:\/\/csrc.nist.gov\/news\/2018\/second-draft-of-TLS-guidance-now-available<\/a><\/p>\n<p>Publication Details:<br \/>\n<a href=\"http:\/\/links.govdelivery.com\/track?type=click&amp;enid=ZWFzPTEmbWFpbGluZ2lkPTIwMTgxMDE1Ljk2MjMwNzgxJm1lc3NhZ2VpZD1NREItUFJELUJVTC0yMDE4MTAxNS45NjIzMDc4MSZkYXRhYmFzZWlkPTEwMDEmc2VyaWFsPTE3Mzg5ODM1JmVtYWlsaWQ9ajJzd0BtdGluLm5ldCZ1c2VyaWQ9ajJzd0BtdGluLm5ldCZmbD0mZXh0cmE9TXVsdGl2YXJpYXRlSWQ9JiYm&amp;&amp;&amp;101&amp;&amp;&amp;https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-52\/rev-2\/draft\">https:\/\/csrc.nist.gov\/publications\/detail\/sp\/800-52\/rev-2\/draft<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>From an e-mail the folks at nist sent out. NIST has released a second draft of NIST Special Publication (SP) 800-52 Revision 2,Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations. It provides guidance for selecting and configuring TLS protocol implementations that utilize NIST-recommended cryptographic algorithms and Federal Information Processing Standards [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2163,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[274],"tags":[633,631,108,632],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/03\/download.jpg?fit=309%2C163","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6VLMf-Eq","jetpack-related-posts":[{"id":76,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-6-16-and-6-17-released\/","url_meta":{"origin":2506,"position":0},"title":"Mikrotik 6.16 and 6.17 Released","author":"j2sw","date":"July 20, 2014","format":false,"excerpt":"From the ChangeLogs What's new in 6.17 (2014-Jul-18 15:14): *) CCR1009 - fixed crash, only affects CCR1009; What's new in 6.16 (2014-Jul-17 13:12): *) 802.11ac support added in wireless-fp package for QCA9880\/9882 rev2 (-BR4A) chips; *) ip cloud now allows to set which IP to use - detected (public) or\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":99,"url":"http:\/\/www.mtin.net\/blog\/router-os-6-18-released\/","url_meta":{"origin":2506,"position":1},"title":"Router OS 6.18 released","author":"j2sw","date":"August 8, 2014","format":false,"excerpt":"From The ChangeLog What's new in 6.18 (2014-Aug-01 10:47): *) sstp - report TLS encryption as well; *) safe mode - do not allow user with less permissions to disrupt active safe mode; *) console - print command does not try to reuse item numbers assigned by previous invocations of\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":305,"url":"http:\/\/www.mtin.net\/blog\/mirkotik-router-os-6-29-released\/","url_meta":{"origin":2506,"position":2},"title":"Mikrotik Router OS 6.29 released","author":"j2sw","date":"May 28, 2015","format":false,"excerpt":"The fastTrack improvements are a big improvement for those of you doing such things. What's new in 6.29 (2015-May-27 11:19): *) ssh server - use custom generated DH primes when possible; *) ipsec - allow to specify custom IP address for my_id parameter; *) ovpn server - use subnet topology\u2026","rel":"","context":"In \"crs\"","block_context":{"text":"crs","link":"http:\/\/www.mtin.net\/blog\/tag\/crs\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1879,"url":"http:\/\/www.mtin.net\/blog\/vulnerability-in-wpa2\/","url_meta":{"origin":2506,"position":3},"title":"Vulnerability in WPA2","author":"j2sw","date":"October 16, 2017","format":false,"excerpt":"https:\/\/arstechnica.com\/information-technology\/2017\/10\/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping\/ An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the\u00a0Wi-Fi Protected Access II protocol\u00a0that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points. The proof-of-concept exploit is called KRACK, short for\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"http:\/\/www.mtin.net\/blog\/category\/security\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2017\/09\/download.jpg?fit=236%2C213&resize=350%2C200","width":350,"height":200},"classes":[]},{"id":1333,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-routeros-3-36\/","url_meta":{"origin":2506,"position":4},"title":"Mikrotik RouterOS 3.36","author":"j2sw","date":"July 22, 2016","format":false,"excerpt":"Lots of things fixed in this release. What's new in 6.36 (2016-Jul-20 14:09): *) arm - added Dude server support; *) dude - (changes discussed here: http:\/\/forum.mikrotik.com\/viewtopic.php?f=8&t=110428); *) dude - server package is now made smaller. client side content upgrade is now removed from it and is downloaded straight from\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":522,"url":"http:\/\/www.mtin.net\/blog\/lots-of-changes-in-routeros-6-34\/","url_meta":{"origin":2506,"position":5},"title":"Lots of changes in RouterOS 6.34","author":"j2sw","date":"January 29, 2016","format":false,"excerpt":"Lots of changes in RouterOS 6.34 Some Standouts that will be of benefit to alot of folks I know *) mipsle - architecture support dropped (last fully supported version 6.32.x); *) btest - significantly increased TCP bandwidth test performance; *) ssh - fixed possible kernel crash; *) crs212 - fix\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2506"}],"collection":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/comments?post=2506"}],"version-history":[{"count":1,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2506\/revisions"}],"predecessor-version":[{"id":2507,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2506\/revisions\/2507"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media\/2163"}],"wp:attachment":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media?parent=2506"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/categories?post=2506"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/tags?post=2506"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}