Title
Transport Layer Security Profile
Description
This profile provides detailed information, guidance, and standards to be used for the usage of Transport Layer Security version 1.3 (TLS 1.3) protocol to provide authentication, confidentiality and integrity services for protecting the communication between service providers and consumers.

Reference document

Org
FMN
Pubnum
Date
2023-10-16
Version
Title
FMN Spiral 5 Specification

Taxonomy

Standards

Obligation: MANDATORY, Lifecycle: CURRENT

Base standard

Guidance

Certificate validation

  • Federated services that implement TLS shall perform certificate validation. Certificate validation shall include checking at least full certificate path validation, certificate validity period and certificate revocation status.
  • Federated services that implement TLS shall be able to check the revocation status of digital certificates through HTTP or OSCP endpoints.
  • If compliance and validation of Digital Certificates fail, TLS connections shall be terminated

Cryptographic algorithms and cipher suites

  • TLS_AES_128_GCM_SHA256 (mandatory)
  • TLS_AES_256_GCM_SHA384 (recommended)
  • TLS_CHACHA20_POLY1305_SHA256 (recommended)
  • If no cipher suite could be negotiated, TLS connections shall be terminated.

Maximum lifetime and session termination

  • The upper limit for the lifetime of a TLS session shall not exceed 48 hours.
  • When the TLS connection is closed, ephemeral keys shall be securely deleted.

Disallowed standards and extensions

  • SSL version 2.0, version 3.0 and TLS version 1.0, 1.1 or 1.2
  • The Heart Beat Extension (RFC 6520)

Status

URI

History

Flag Date RFC Version
added 2023-12-01 15-023 15
UUID
97a0b200-97a3-4f94-a487-041598ba40c2

Utilization

This profile is used by the following profiles: