NIST: Agencies Must Replace TLS With Updated TLS 1.1 or 1.2
The US Government will be modernizing its websites next year with new encryption guidelines from the National Institute of Standards and Technology (NIST).
Currently federal agencies only have to support Transport Layer Security 1.0 encryption on their websites. Going forward, they'll need to move to TLS 1.1 and 1.2. NIST's "Guidelines for Selection, Configuration and Use of Transport Layer Security Implementations" is expected to be published in September and take effect after the first of the new year.
"Older Web servers probably don't support TLS 1.1 and 1.2," Tim Polk, computer scientist and group manager for NIST's cryptology technology group told PCWorld. He went on to add that some agencies will need to acquire new Web server products. The new guidelines will also include extended validation certificates which include much more extensive confirmation that the site is truly the site you intended to visit.