During a 2025 compliance review, your team must reconfigure the SSLProtocol setting in Apache on a Fedora-based web server so that only Transport Layer Security versions that are not deprecated by RFC 8996 and that satisfy the minimum requirements of NIST SP 800-52 Rev. 2 remain enabled. Which set of protocol versions meets this requirement while still allowing secure connections from modern clients?
RFC 8996 formally deprecates TLS 1.0 and TLS 1.1 because they rely on obsolete cryptographic primitives and are vulnerable to several downgrade and cipher-related attacks. SSL 3.0 is even older and is disabled industry-wide due to the POODLE flaw. NIST SP 800-52 Rev. 2 specifies that servers shall support TLS 1.2 and should support TLS 1.3, requiring agencies to add TLS 1.3 by January 1, 2024. Enabling only TLS 1.2 and TLS 1.3 therefore provides strong cryptography, forward secrecy, and standards compliance, whereas leaving any earlier protocol version enabled would violate current best-practice guidance.
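An added example, not part of the original question or its explanation: a Python check that evaluates Apache `SSLProtocol` arguments left to right and reports any directive that still enables SSL 3.0, TLS 1.0 or TLS 1.1, or that leaves out TLS 1.2 or TLS 1.3. The function names and the sample configuration are constructed for illustration, and `all` is assumed to expand to every listed version (the worst case for an audit; the real set depends on the OpenSSL build).

```python
import re

# Protocol tokens modelled here for the SSLProtocol directive.
KNOWN = ("SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3")
# SSL 3.0 (POODLE) plus the versions deprecated by RFC 8996.
FORBIDDEN = {"SSLv3", "TLSv1", "TLSv1.1"}
REQUIRED = {"TLSv1.2", "TLSv1.3"}

def effective_protocols(args):
    """Evaluate SSLProtocol arguments left to right ("all" = every KNOWN token, an assumption)."""
    by_name = {name.lower(): name for name in KNOWN}
    enabled = set()
    for token in args.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        if name == "all":
            group = set(KNOWN)
        elif name in by_name:
            group = {by_name[name]}
        else:
            raise ValueError(f"unknown SSLProtocol token: {token!r}")
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)  # a bare token replaces the set built so far
    return enabled

def audit(config_text):
    """Return (line_no, enabled, forbidden_enabled, required_missing) per directive."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = re.match(r"\s*SSLProtocol\s+(.+)", line, re.IGNORECASE)
        if m:  # commented-out lines start with '#' and never match
            enabled = effective_protocols(m.group(1))
            findings.append((no, enabled, enabled & FORBIDDEN, REQUIRED - enabled))
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = """\
# SSLProtocol all
SSLProtocol all -SSLv3
<VirtualHost *:443>
    SSLProtocol -all +TLSv1.2 +TLSv1.3
</VirtualHost>
"""

for no, enabled, bad, missing in audit(SAMPLE):
    print(f"line {no}: enabled={sorted(enabled)} forbidden={sorted(bad)} missing={sorted(missing)}")
```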
CompTIA Linux+ XK0-006 (V8)
Security