Changes

Line 1: Line 1:     
==Recommendations==
 
==Recommendations==
Departments should make use of CSE-approved protocols, as outlined in: CSE’S ITSP.40.062 [https://www.cse-cst.gc.ca/en/publication/list/Security-Protocols Guidance on Securely Configuring Network Protocols].
+
Departments should make use of CSE-approved protocols, as outlined in: CSE’S ITSP.40.062 [https://www.cse-cst.gc.ca/en/publication/list/Security-Protocols Guidance on Securely Configuring Network Protocols]. Per CSE guidance ITSP.40.062: TLS servers and clients should be configured to use TLS 1.2 as specified in RFC 5246 The Transport Layer Security (TLS) Protocol Version 1.2 [9]. Older versions of TLS and all versions of Secure Sockets Layer (SSL) should not be used since vulnerabilities exist.  
 
  −
Per CSE guidance ITSP.40.062: TLS servers and clients should be configured to use TLS 1.2 as specified in RFC 5246 The Transport Layer Security (TLS) Protocol Version 1.2 [9]. Older versions of TLS and all versions of Secure Sockets Layer (SSL) should not be used since vulnerabilities exist.  
      
A broad overview of the use of TLS is provided in the draft [https://csrc.nist.gov/publications/detail/sp/1800-16/draft NIST Securing Web Transactions: TLS Server Certificate Management] Special Publication (SP 1800-16 (DRAFT)). Detailed TLS configuration guidance for both servers and clients is similarly provided in [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf NIST Special Publication (SP) 800 52 Rev 1 Guidelines on the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations]. Note that [https://csrc.nist.gov/publications/detail/sp/800-52/rev-2/draft NIST SP 800-52 Rev 2 draft] is available for review, but has yet to be formally published.
 
A broad overview of the use of TLS is provided in the draft [https://csrc.nist.gov/publications/detail/sp/1800-16/draft NIST Securing Web Transactions: TLS Server Certificate Management] Special Publication (SP 1800-16 (DRAFT)). Detailed TLS configuration guidance for both servers and clients is similarly provided in [https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf NIST Special Publication (SP) 800 52 Rev 1 Guidelines on the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations]. Note that [https://csrc.nist.gov/publications/detail/sp/800-52/rev-2/draft NIST SP 800-52 Rev 2 draft] is available for review, but has yet to be formally published.
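Review bot: On the added line, the sentence carried over from ITSP.40.062 still ends its RFC reference with the citation marker "[9]", which belongs to the source document's numbering and has no matching reference in the lines shown here. Drop the marker or replace it with a direct link to RFC 5246. The same line keeps "CSE’S" with a capital S and has no punctuation between "RFC 5246" and the RFC title, so correcting the possessive and setting the title off with commas or italics would make the merged paragraph read cleanly. Because the text following "Per CSE guidance ITSP.40.062:" is now joined to the wiki's own recommendation sentence, consider marking it as a quotation so readers can tell where the CSE wording begins and ends.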