31 i. Federal Agencies shall use the key size guidelines provided in [ SP800- 131A ] to check the client key size. k. The server shall be configured to maintain the trust anchors of the various PKIs whose subscribers are the potential clients for the server, and include them in the hints list. i. Alternatively, the server should be configured to send an empty hints list so that the client can always provide a certificate it possesses. l. The server hints list shall be distinct from the server’s trust anchor store. m. The server shall continue to only populate its trust anchor store with the trust anchor of the server PKI domain and the domains it needs to trust directly for client authentication. 6. Session Resumption a. If there is a requirement to authenticate each client as it initiates a connection session, the server shall be configured to ignore requests to resume a session, and generate a new session ID, which forces the entire handshake procedure including client authentication to proceed. 7. Compression Methods a. The server should be configured to only support the null compression method, which disables TLS compression. b. If compression is used, the server shall be configured to only support the methods defined in [ RFC3749 ]. i. If the client population served is known to support the compression method in [ RFC3943 ], that method may be used instead. c. The server shall not be configured to support other compression methods. 8. Operational Considerations a. The server shall operate on a secure operating system. b. Where the server relies on a FIPS 140 Level 1 cryptographic module, the software and private key shall be protected using the operating system identification, authentication and access control mechanisms.

3.9.3 Recommendations for Server System Administrators

A Server System Administrator is an individual who is responsible for maintaining the TLS server on a day-to-day basis. 1. Version Support a. System administrators shall develop migration plans to support TLS 1.2 by January 1, 2015. 2. Certificates a. System administrators shall use Sections 3.2.1 and 3.2.2 to identify an appropriate source for certificates. b. System administrators shall install, maintain, and update certificates in accordance with the certificate recommendations of Section 3.9.2. 3. Cryptographic Support a. System administrators shall maintain confidentiality and integrity service configurations in accordance with the recommendations of Section 3.9.2. 32 4. Client Authentication a. System administrators of a TLS server that supports certificate-based client authentication shall perform an analysis of the client certificate issuers and use that information to determine the minimum set of trust anchors required for the server. i. The server shall be configured only to include only the minimum set of trust anchors needed. 5. Operational Considerations a. System administrators shall ensure that TLS servers include appropriate network security protections as specified in other NIST guidelines. b. The server shall operate on a secure operating system. c. Where the server relies on a FIPS 140 Level 1 cryptographic module, the system administrator shall ensure that the software and private key are protected using the operating system identification, authentication and access control mechanisms. d. The system administrator shall ensure that the server and associated platform are kept up-to-date in terms of security patches. 33 4 Minimum Requirements for TLS Clients This section provides a minimum set of requirements that a TLS client must meet in order to adhere to these guidelines. Requirements are organized in the following sections: TLS protocol version support; client keys and certificates; cryptographic support; TLS extension support; server authentication; session resumption; compression methods; and operational considerations. Specific requirements are stated as either implementation requirements or configuration requirements. Implementation requirements indicate that Federal agencies shall not procure TLS client implementations unless they include the required functionality. Configuration requirements indicate that system administrators are required to verify that particular features are enabled, or in some cases, configured appropriately if present.

4.1 Protocol Version Support