IT Security Guidelines for Transport Layer Security (TLS)

  • Type: Factsheet
  • Last change: 23-04-2019
  • First publication: 23-04-2019
  • Version: 2.0
  • Status: Active

These guidelines are intended to aid during procurement, set-up and review of configurations of the Transport Layer Security protocol (TLS). TLS is the most popular protocol to secure connections on the Internet.

Transport Layer Security (TLS) is a protocol for the establishment and use of a cryptographically secured connection between two computer systems, a client and a server. TLS is also known by its older name, Secure Sockets Layer (SSL). TLS is applied in a large number of contexts. Well known examples include web traffic (https), e-mail traffic (IMAP and SMTP after STARTTLS) and certain types of virtual private networks (VPN).

These guidelines are technical in nature. They help an organisation choose between all possible configurations of TLS to arrive at a secure configuration. An administrator or supplier then applies this configuration.

Read the announcement: Future-proof TLS configuration using the updated TLS guidelines from NCSC

This publication is also available in Dutch.

Download

CSAN 2018

Nederland digitaal veilig