Several days ago, the Dutch National Cyber Security Centre released its updated “IT Security Guidelines for Transport Layer Security (TLS).” The current version 2.1 covers many aspects of TLS and further considerations, like post-quantum security, certificate management, and random number generators.
A notable change is the downgrade of TLS 1.2, which the NCSC now rates as “sufficient” (formerly “good”). The downgrade is unsurprising since TLS 1.3 got rid of many weak features, present in TLS 1.2 or earlier versions.
Their current recommendation of TLS versions is:
|TLS 1.1 – 1.0||Phase out|
|SSL 3.0 – 1.0||Insufficient|
The NCSC rates the following cipher suites as “good”:
- Key exchange: ECDHE
- Authentication: ECDSA or RSA
- Encryption: AES_256_GCM or AES_128_GCM or CHACHA20_POLY1305
- MAC: SHA-384 or SHA-256
If your web server enforces the “good” configuration only, the NCSC recommends disabling server-side cipher preference. Further recommendations are to turn off TLS 1.3 0-RTT, turn on OCSP stapling, turn off TLS renegotiation, and turn off TLS compression.
Their updated recommendations widely match our web server configuration and the suggestions on our website.