TLS Versioning and Ciphers
Recommended TLS versions
Required: TLS 1.2
Recommended: TLS 1.3
Configurations:
Configure the TLS 1.2 Intermediate server ciphers as specified in [1,2,3]
Disable by default cryptographically insecure ciphers identified in [1,3]
Prohibited: Any version of SSL, TLS 1.0 [5], TLS 1.1 [5]
TLS Protocol profiles recommendations
The Internet Assigned Numbers Authority (IANA), Mozilla Operations Security and Enterprise Information Security, and the Open Web Application Security Project (OWASP) maintain web pages [1,2,3] that serve as reference guides for navigating the TLS and DTLS landscape. IANA provides the definitive guide for TLS cipher suite recommendations: it adds and formally deprecates cipher suites, typically backed by referenced documentation for implementation or by a justification for deprecation. Mozilla and OWASP divide the TLS ciphers into three classifications: Modern, Intermediate and Old.
Modern: Modern clients that support TLS 1.3, with no need for backwards compatibility
Intermediate: Recommended configuration for a general-purpose server
Old: Services accessed by very old clients or libraries, such as Internet Explorer 8 (Windows XP), Java 6, or OpenSSL 0.9.8
Intermediate Ciphers for TLS 1.2
This is the recommended set of ciphers, protocol, TLS curves, supported certificate types, Diffie-Hellman parameter size, strict transport security, certificate life spans, and cipher preference. The Intermediate ciphers and configuration parameters are highly secure and compatible with nearly every client released in the last five (or more) years. Per RFC 7525 [4], clients SHOULD include TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as the first proposal to any server, unless they have prior knowledge that the server cannot respond to a TLS 1.2 client_hello message.
Cipher suites:
ECDHE_ECDSA_AES128_GCM_SHA256
ECDHE_RSA_AES128_GCM_SHA256
ECDHE_ECDSA_AES256_GCM_SHA384
ECDHE_RSA_AES256_GCM_SHA384
ECDHE_ECDSA_CHACHA20_POLY1305
ECDHE_RSA_CHACHA20_POLY1305
DHE_RSA_AES128_GCM_SHA256
DHE_RSA_AES256_GCM_SHA384
TLS curves: X25519, prime256v1, secp384r1
Certificate type: ECDSA (P-256) (recommended), or RSA (2048 bits)
DH parameter size: 2048 (ffdhe2048, RFC 7919)
HTTP Strict Transport Security (HSTS): max-age=63072000 (two years)
Maximum certificate lifespan: 90 days (recommended) to 2 years
Cipher preference: client chooses
Intermediate Ciphers for TLS 1.3
The following ciphers and configuration parameters are considered Intermediate for TLS 1.3.
Cipher suites (TLS 1.3):
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
Protocols: TLS 1.3
TLS curves: X25519, prime256v1, secp384r1
Certificate type: ECDSA (P-256) (recommended), or RSA (2048 bits)
DH parameter size: 2048 (ffdhe2048, RFC 7919)
HTTP Strict Transport Security (HSTS): max-age=63072000 (two years)
Maximum certificate lifespan: 90 days (recommended) to 2 years
Cipher preference: client chooses
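The following Python sketch is an added example, not part of the referenced guides: it builds a server-side context limited to the Intermediate suites listed above and audits a scan result or an existing context against that profile. The function names, the SAMPLE_SCAN data and the protocol labels (the strings OpenSSL and Python report, such as "TLSv1.1") are assumptions made for illustration.

```python
import ssl

# TLS 1.2 Intermediate suites, spelled exactly as listed on this page.
INTERMEDIATE_TLS12 = [
    "ECDHE_ECDSA_AES128_GCM_SHA256", "ECDHE_RSA_AES128_GCM_SHA256",
    "ECDHE_ECDSA_AES256_GCM_SHA384", "ECDHE_RSA_AES256_GCM_SHA384",
    "ECDHE_ECDSA_CHACHA20_POLY1305", "ECDHE_RSA_CHACHA20_POLY1305",
    "DHE_RSA_AES128_GCM_SHA256", "DHE_RSA_AES256_GCM_SHA384",
]
TLS13_SUITES = {"TLS_AES_128_GCM_SHA256", "TLS_AES_256_GCM_SHA384",
                "TLS_CHACHA20_POLY1305_SHA256"}
PROHIBITED_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

def openssl_name(page_name):
    """OpenSSL spells these TLS 1.2 suites with hyphens, not underscores."""
    return page_name.replace("_", "-")

ALLOWED = {openssl_name(n) for n in INTERMEDIATE_TLS12} | TLS13_SUITES

def build_intermediate_context():
    """Server context: TLS 1.2 floor, only the Intermediate TLS 1.2 suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no SSL, TLS 1.0, TLS 1.1
    ctx.set_ciphers(":".join(openssl_name(n) for n in INTERMEDIATE_TLS12))
    # "Cipher preference: client chooses" -> clear the server-preference flag.
    ctx.options &= ~ssl.OP_CIPHER_SERVER_PREFERENCE
    return ctx

def audit(offered):
    """offered: (protocol, cipher) pairs from a scanner. Returns findings."""
    findings = []
    for protocol, cipher in offered:
        if protocol in PROHIBITED_PROTOCOLS:
            findings.append(f"prohibited protocol {protocol} ({cipher})")
        elif cipher not in ALLOWED:
            findings.append(f"cipher outside Intermediate profile: {cipher}")
    return findings

def audit_context(ctx):
    """Audit a local SSLContext: protocol floor plus every enabled suite."""
    findings = []
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("context allows protocols below TLS 1.2")
    # Empty protocol label: only the cipher names are checked here.
    return findings + audit(("", c["name"]) for c in ctx.get_ciphers())

# Constructed sample scan result, not taken from a real host.
SAMPLE_SCAN = [("TLSv1.3", "TLS_AES_128_GCM_SHA256"),
               ("TLSv1.2", "ECDHE-RSA-AES128-GCM-SHA256"),
               ("TLSv1.2", "AES128-SHA"),
               ("TLSv1.1", "ECDHE-RSA-AES128-SHA")]
```

The curves, DH parameter size, certificate type and HSTS header from the profile are set elsewhere (server key material and HTTP response headers) and are not covered by this check.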
Modern Ciphers for TLS 1.3
For services with clients that support TLS 1.3 and do not need backward compatibility, the Modern configuration provides an extremely high level of security.
Cipher suites (TLS 1.3):
TLS_AES_128_GCM_SHA256
TLS_AES_256_GCM_SHA384
TLS_CHACHA20_POLY1305_SHA256
Protocols: TLS 1.3
Certificate type: ECDSA (P-256)
TLS curves: X25519, prime256v1, secp384r1
HSTS: max-age=63072000 (two years)
Maximum certificate lifespan: 90 days
Cipher preference: client chooses
References
[1] Transport Layer Security (TLS) Parameters. https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml. Created 23 August, 2005. Last updated 7 April 2020.
[2] Security/Server Side TLS, Mozilla Wiki. https://wiki.mozilla.org/Security/Server_Side_TLS#Cipher_names_correspondence_table. 2 January 2020
[3] TLS Cipher String Cheat Sheet, OWASP Cheat Sheet Series. https://cheatsheetseries.owasp.org/cheatsheets/TLS_Cipher_String_Cheat_Sheet.html. 2020
[4] Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS). Request for Comments: 7525. Internet Engineering Task Force (IETF). https://tools.ietf.org/html/rfc7525. May 2015.
[5] Deprecating TLSv1.0 and TLSv1.1. draft-ietf-tls-oldversions-deprecate-06. Internet Engineering Task Force (IETF). https://tools.ietf.org/html/draft-ietf-tls-oldversions-deprecate-06. 6 January 2020.
[6] Technical specification (TS) 33.210 3G security; Network Domain Security (NDS); IP network layer security. Release 5. https://portal.3gpp.org/desktopmodules/Specifications/SpecificationDetails.aspx?specificationId=2279. 27 March 2020.