title

RFC 8996 - Deprecating TLS 1.0 and TLS 1.1

charset

utf-8

X-UA-Compatible

IE=edge

viewport

width=device-width, initial-scale=1

description

Deprecating TLS 1.0 and TLS 1.1 (RFC 8996, )

og:title

RFC 8996: Deprecating TLS 1.0 and TLS 1.1

og:url

https://datatracker.ietf.org/doc/html/rfc8996

og:site_name

IETF Datatracker

og:description

This document formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346). Accordingly, those documents have been moved to Historic status. These versions lack support for current and recommended cryptographic algorithms and mechanisms, and various government and industry profiles of applications using TLS now mandate avoiding these old TLS versions. TLS version 1.2 became the recommended version for IETF protocols in 2008 (subsequently being obsoleted by TLS version 1.3 in 2018), providing sufficient time to transition away from older versions. Removing support for older versions from implementations reduces the attack surface, reduces opportunity for misconfiguration, and streamlines library and product maintenance. This document also deprecates Datagram TLS (DTLS) version 1.0 (RFC 4347) but not DTLS version 1.2, and there is no DTLS version 1.1. This document updates many RFCs that normatively refer to TLS version 1.0 or TLS version 1.1, as described herein. This document also updates the best practices for TLS usage in RFC 7525; hence, it is part of BCP 195.

og:type

article

twitter:card

summary_large_image

alternate

/feed/document-changes/rfc8996/

apple-touch-icon

https://static.ietf.org/dt/12.40.0/ietf/images/ietf-logo-nor-180.png

canonical

https://datatracker.ietf.org/doc/html/rfc8996

icon

https://static.ietf.org/dt/12.40.0/ietf/images/ietf-logo-nor-32.png

icon

https://static.ietf.org/dt/12.40.0/ietf/images/ietf-logo-nor-16.png