New NCSC directive on TLS security level


The National Cyber Security Centre (NCSC) has changed its advice on TLS configuration and has published a new version of its guideline for this purpose. Download 'ICT security guidelines for Transport Layer Security (TLS) v2.1'.

These guidelines are intended as advice when procuring, setting up and assessing configurations for the Transport Layer Security (TLS) protocol. A secure TLS configuration is important for securing connections on the Internet. TLS is the successor of Secure Sockets Layer (SSL) and is still often referred to by that former name. TLS is used in a wide range of applications; well-known examples are web traffic (HTTPS), e-mail traffic (IMAP and SMTP after STARTTLS) and certain types of Virtual Private Networks (VPN).

The NCSC has decided to lower the security level of TLS 1.2 from Good to Sufficient. TLS 1.3 is a thorough revision of TLS based on modern insights, and TLS 1.2 is less robust than TLS 1.3 against the future evolution of attack techniques.

There are two reasons for this. First, several elements of TLS 1.2 were left out of TLS 1.3 because they were found to be weak. Secondly, TLS 1.3 contains fewer vulnerable configuration options than TLS 1.2, which makes TLS 1.3 easier to configure securely. As a result, several categories of attacks that could work against TLS 1.2 and earlier versions no longer apply to TLS 1.3.

Key changes in version 2.1

  1. The security level of TLS 1.2 has been lowered from Good to Sufficient.
    (guideline B1-1)
  2. The requirements on the order of algorithm selections have been simplified. An order is now only prescribed between security levels (Good selections before Sufficient ones), not within a level.
    Do you use only Good algorithm selections? Then the server no longer needs to enforce its own order.
    (guideline B2-5)
  3. Supporting client-initiated renegotiation is no longer rated Insufficient, but Sufficient.
    (guideline B8-1)
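What these three changes mean for a server configuration is easiest to see in code. The example below is an added illustration written for this page, not code from the NCSC or the guideline itself. It builds two server-side contexts with Python's `ssl` module (assumed: Python 3.7+ on OpenSSL 1.1.1+): one that enables TLS 1.2 with the library's default suite list and therefore still has to enforce its own order (B2-5), and one that offers TLS 1.3 plus only the Good TLS 1.2 selections, so that the order no longer matters and client-initiated renegotiation is switched off (B8-1). Which suites count as Good is my reading of the guideline (ECDHE key exchange with an AEAD cipher, i.e. AES-GCM or ChaCha20-Poly1305; RSA key exchange, CBC modes and renegotiation are treated as below Good), and the `audit` / `is_good_suite` helpers are hypothetical names, not part of any library.

```python
"""Added example (not NCSC code): two server SSLContexts side by side,
one at the Sufficient level and one restricted to Good selections.
Assumes Python 3.7+ with OpenSSL 1.1.1+.  The 'Good' set used here
(ECDHE + AEAD) is an assumption based on the guideline, not a quote."""
import ssl

# OpenSSL cipher-list string that leaves only the assumed-Good TLS 1.2 suites.
# set_ciphers() does not touch TLS 1.3 suites: those are all ECDHE + AEAD,
# which is exactly why TLS 1.3 has fewer things to get wrong.
GOOD_TLS12_CIPHERS = "ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!PSK"

# OP_NO_RENEGOTIATION exists from Python 3.7 / OpenSSL 1.1.0h; 0 means "cannot set".
RENEG_OPT = getattr(ssl, "OP_NO_RENEGOTIATION", 0)


def sufficient_context() -> ssl.SSLContext:
    """TLS 1.2 and up with the library's default suite list.  Because that
    list still contains Sufficient selections (CBC, RSA key exchange on most
    builds), the server must enforce its own preference order (B2-5)."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.options |= ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx


def good_context() -> ssl.SSLContext:
    """TLS 1.3 plus TLS 1.2 restricted to Good selections only.  With only
    Good suites offered, no order needs to be enforced (B2-5), and
    client-initiated renegotiation is disabled for TLS 1.2 (B8-1); TLS 1.3
    removed renegotiation altogether, so nothing is needed for it."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(GOOD_TLS12_CIPHERS)
    ctx.options |= RENEG_OPT
    return ctx


def is_good_suite(cipher: dict) -> bool:
    """Classify one entry of SSLContext.get_ciphers() under the assumed rule:
    every TLS 1.3 suite is Good; a TLS 1.2 suite is Good only with ECDHE
    key exchange and an AEAD cipher (GCM or ChaCha20-Poly1305)."""
    if cipher["protocol"] == "TLSv1.3":
        return True
    name = cipher["name"]
    return name.startswith("ECDHE-") and ("GCM" in name or "CHACHA20" in name)


def audit(ctx: ssl.SSLContext) -> dict:
    """Summarise what a context will offer: protocol floor, suite counts,
    any non-Good suite a client could still pick, and the resulting level."""
    suites = ctx.get_ciphers()
    weak = [c["name"] for c in suites if not is_good_suite(c)]
    return {
        "min_version": ctx.minimum_version.name,
        "tls13_suites": sum(1 for c in suites if c["protocol"] == "TLSv1.3"),
        "tls12_suites": sum(1 for c in suites if c["protocol"] != "TLSv1.3"),
        "weak_suites": weak,
        "renegotiation_disabled": bool(RENEG_OPT) and bool(ctx.options & RENEG_OPT),
        "level": "Good" if not weak else "Sufficient",
    }


if __name__ == "__main__":
    for label, ctx in (("default, TLS >= 1.2", sufficient_context()),
                       ("Good selections only", good_context())):
        print(label, audit(ctx))
```

Running the script prints the two audits; the hardened context reports an empty `weak_suites` list and level Good, while the default one usually lists CBC and RSA-key-exchange suites and therefore stays at Sufficient, which is the practical reason B2-5 still asks such a server to enforce its own order.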

Source: NCSC
