Internet-Draft draft-ietf-tls-deprecate-obsolete-kex-07.txt is now available. It is a work item of the Transport Layer Security (TLS) WG of the IETF.

Title: Deprecating Obsolete Key Exchange Methods in (D)TLS 1.2
Author: Nimrod Aviram
Name: draft-ietf-tls-deprecate-obsolete-kex-07.txt
Pages: 23
Dates: 2025-11-13

Abstract:

For (D)TLS 1.2, this document deprecates the use of two key exchanges, namely Diffie-Hellman over a finite field and RSA, and it discourages the use of static elliptic curve Diffie-Hellman cipher suites.

These prescriptions apply only to (D)TLS 1.2 since (D)TLS 1.0 and TLS 1.1 are deprecated by RFC 8996 and (D)TLS 1.3 either does not use the affected algorithm or does not share the relevant configuration options. (There is no DTLS version 1.1.)

This document updates RFCs 9325, 4346, 5246, 4162, 6347, 5932, 5288, 6209, 6367, 8422, 5289, 5469, 4785, 4279, 5487, 6655, and 7905, to deprecate or discourage - i.e., change to MUST NOT or SHOULD NOT, as listed in Section 5.3, Section 5.2, Section 5.3, Section 5.4, Section 5.5 - the use of cipher suites using the above key exchange methods in (D)TLS 1.2 connections.

The IETF datatracker status page for this Internet-Draft is:
https://datatracker.ietf.org/doc/draft-ietf-tls-deprecate-obsolete-kex/

There is also an HTML version available at:
https://www.ietf.org/archive/id/draft-ietf-tls-deprecate-obsolete-kex-07.html

A diff from the previous version is available at:
https://author-tools.ietf.org/iddiff?url2=draft-ietf-tls-deprecate-obsolete-kex-07

Internet-Drafts are also available by rsync at:
rsync.ietf.org::internet-drafts
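
An added example, not part of the announcement or the draft: a small audit helper that sorts a server's enabled (D)TLS 1.2 cipher suites into the categories the abstract names (RSA and finite-field DH key exchange deprecated, static ECDH discouraged). It assumes the key exchange can be read from the IANA suite name; the function names, verdict labels and sample list are constructed for illustration, and the draft's own per-suite lists remain authoritative.

```python
# Added example: classify cipher suites by the key exchange in their IANA name.
# Assumption: names follow TLS_<KEX>_WITH_<CIPHER>_<HASH>; the draft's own
# lists, not this name-based heuristic, are authoritative.

def key_exchange(suite):
    """Return the <KEX> part of a suite name, or None if the name has none."""
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        return None  # e.g. TLS 1.3 names such as TLS_AES_128_GCM_SHA256
    return suite[len("TLS_"):suite.index("_WITH_")]

def classify(suite):
    """Return 'deprecated', 'discouraged' or 'not-flagged' for one suite."""
    kex = key_exchange(suite)
    if kex is None:
        return "not-flagged"
    first = kex.split("_")[0]
    # A leading RSA means RSA key exchange (RSA, RSA_PSK); in ECDHE_RSA or
    # DHE_RSA the RSA part is only the authentication method.
    if first == "RSA":
        return "deprecated"
    # DH (static) and DHE (ephemeral) are both Diffie-Hellman over a finite field.
    if first in ("DH", "DHE"):
        return "deprecated"
    # ECDH without the trailing E is static ECDH. ECDH_anon is ephemeral per
    # RFC 8422, so this sketch does not count it as static (assumption).
    if first == "ECDH" and kex != "ECDH_anon":
        return "discouraged"
    return "not-flagged"

def audit(enabled):
    """Group an iterable of suite names by verdict."""
    report = {"deprecated": [], "discouraged": [], "not-flagged": []}
    for suite in enabled:
        report[classify(suite)].append(suite)
    return report

# Constructed sample of an enabled-suites list (real IANA names).
SAMPLE_ENABLED = [
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_PSK_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "TLS_ECDH_ECDSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    for verdict, suites in audit(SAMPLE_ENABLED).items():
        print(verdict, suites)
```

A "not-flagged" verdict only means the suite does not fall under the three key exchange methods named in the abstract; it is not a statement that the suite is otherwise recommended.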
