NIST Requests Comments on SP 800-52 Rev. 2 | Selection, Configuration, and Use of TLS Implementations
NIST maintains its cryptography standards and guidelines using a periodic review process. Currently, we are reviewing NIST Special Publication (SP) 800-52 Rev. 2, Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations (2019), and would like feedback on all aspects of that publication.
NIST expects to revise SP 800-52 Rev. 2 to align it with recent Internet Engineering Task Force (IETF) drafts on TLS 1.3. Additionally, we seek feedback on the following areas of particular concern:
- Is there a strong reason for NIST to continue to recommend that servers should support TLS 1.2, or can the recommendation be changed such that servers may support TLS 1.2?
- Are there sectors or applications where it is common for non-government client devices that do not support TLS 1.3 (or TLS 1.2) to connect to government servers?
- Is there a compelling reason to conditionally allow support for TLS 1.0 or TLS 1.1 if the system administrator determines that it is necessary?
The public comment period is open through July 10, 2026. Comments may address the concerns raised in this announcement or other issues around security, implementation, clarity, risk, or relevance to current applications.
Send comments to cryptopubreviewboard@nist.gov with “Comments on SP 800-52 Rev. 2" in the subject. Comments received in response to this request will be posted on the Crypto Publication Review Project site after the due date. Submitters’ names and affiliations (when provided) will be included, while contact information will be removed. See the project site for additional information about the review process.
NIST Cybersecurity and Privacy Program
Questions and comments can be directed to: cryptopubreviewboard@nist.gov
CSRC Website questions: csrc-inquiry@nist.gov
|
