The National Cyber Security Center warns companies to switch to tls 1.3. The agency calls on their suppliers to ask for this. From now on, Tls 1.2 will have the security level Sufficient.
The NCSC has published an update for the guideline for the use of Transport Layer Security, the protocol for encrypting connections from, for example, the web or e-mail. According to the organization, version 1.3 of tls is the most secure and should therefore be used by all companies for internal systems. Companies that purchase new software or replace an existing system can then refer to the NCSC guidelines.
The reason for the new advice is that the NCSC has scaled tls 1.2 from the security level Good to Sufficient. The NCSC therefore still considers tls 1.2 to be a safe, but less future-proof option than tls 1.3. Tls 1.3 is “well available in recent versions of software libraries,” according to the NCSC, and the support would better prepare companies for a “future-proof configuration.”
In tls 1.3 there are some advantages over tls 1.2. For example, the new version would contain less vulnerable configuration options, making tls 1.3 easier to configure in a secure manner.