TLS v1.3 and FIPS: Can they be friends? (G13c)
In August 2017 a new version 1.3 of the Transport Layer Security (TLS) protocol which is a secure protocol for transporting data between devices and across the internet was released. RFC 8446 (The Transport Layer Security (TLS) Protocol Version 1.3) is the result of over a four year process and its primary objectives is to overcome major weaknesses suffered in previous TLS versions.
Acumen have been asked on several occasions by our customers and partners how or if they can include TLS 1.3 in their FIPS 140-2 module validations. The objective of this presentation is to provide an overview of TLS 1.3 as it relates to FIPS 140-2 module validations. Guidance will be provided to product vendors and labs on what needs to be implemented and tested. CVMP input will be provided on how TLS 1.3 and the associated functions (algorithms used for key exchange, key derivation, authenticated encryption etc.) shall be documented in the test report and security policy for software and hardware validations.