| ExtensionType | IANA | ('applies to version', '1.0') | ('applies to version', 1.1) | ('applies to version', 1.2) | ('applies to version', 1.3) | ('NIST', '') 1 | ('NIST', 'condition') | ('BSI', '') | ('BSI', 'condition') | ('ANSSI', '') | ('AgID (+MOZILLA)', '') |
|---|---|---|---|---|---|---|---|---|---|---|---|
| server_name | 0 | ✓ | ✓ | ✓ | ✓ | must | <Not mentioned> | optional | <Not mentioned> | ||
| max_fragment_length | 1 | <Not mentioned> | <Not mentioned> | not recommended | <Not mentioned> | ||||||
| client_certificate_url | 2 | ✓ | ✓ | ✓ | not recommended | <Not mentioned> | not recommended | <Not mentioned> | |||
| trusted_ca_keys | 3 | ✓ | ✓ | ✓ | must | CA count > 1 2 | <Not mentioned> | optional | <Not mentioned> | ||
| truncated_hmac | 4 | ✓ | ✓ | ✓ | optional | CIPHER CBC and VLP false and NOTE_ENABLED should only be used if the server communicates with constrained-device clients 3 | not recommended | not recommended | <Not mentioned> | ||
| status_request | 5 | ✓ | ✓ | ✓ | must | <Not mentioned> | optional | recommended 4 | |||
| user_mapping | 6 | ✓ | ✓ | ✓ | <Not mentioned> | <Not mentioned> | optional | <Not mentioned> | |||
| client_authz | 7 | <Not mentioned> | <Not mentioned> | not recommended | <Not mentioned> | ||||||
| server_authz | 8 | <Not mentioned> | <Not mentioned> | not recommended | <Not mentioned> | ||||||
| cert_type | 9 | <Not mentioned> | <Not mentioned> | not recommended | <Not mentioned> | ||||||
| supported_groups 5 | 10 | ✓ | ✓ | ✓ | ✓ | must | CIPHER ECDHE OR TLS 1.3 6 | recommended | recommended | <Not mentioned> | |
| ec_point_formats | 11 | ✓ | ✓ | ✓ | must | CIPHER EC 7 | <Not mentioned> | not recommended | <Not mentioned> | ||
| srp | 12 | ✓ | ✓ | ✓ | <Not mentioned> | <Not mentioned> | optional | <Not mentioned> | |||
| signature_algorithms | 13 | ✓ | ✓ | must | NOTE_DISABLED if this condition results as an ERROR "must be enabled" it may be a false positive. It is caused by the web server not asking the certificate to the client not allowing the tool to verify whether the extension is supported | recommended | NOTE_DISABLED if this condition results as an ERROR "must be enabled" it may be a false positive. It is caused by the web server not asking the certificate to the client not allowing the tool to verify whether the extension is supported. and NOTE_ENABLED in order for the web-server to be compliant with BSI guidelines you should enabled all the signature algorithms reccommended by BSI | recommended | <Not mentioned> | ||
| use_srtp | 14 | <Not mentioned> | <Not mentioned> | optional | <Not mentioned> | ||||||
| heartbeat | 15 | <Not mentioned> | not recommended | not recommended | not recommended | ||||||
| application_layer_protocol_negotiation | 16 | <Not mentioned> | <Not mentioned> | optional | <Not mentioned> | ||||||
| status_request_v2 8 | 17 | ✓ | ✓ | ✓ | recommended | TRANSPARENCY OCSP extension 9 | <Not mentioned> | optional | <Not mentioned> | ||
| signed_certificate_timestamp | 18 | ✓ | ✓ | ✓ | ✓ | recommended | CA publicly trusted and !TRANSPARENCY TLS extension 10 | <Not mentioned> | recommended | <Not mentioned> | |
| client_certificate_type | 19 | <Not mentioned> | <Not mentioned> | not recommended | <Not mentioned> | ||||||
| server_certificate_type | 20 | <Not mentioned> | <Not mentioned> | not recommended | <Not mentioned> | ||||||
| padding | 21 | <Not mentioned> | <Not mentioned> | optional | <Not mentioned> | ||||||
| encrypt_then_mac | 22 | ✓ | ✓ | ✓ | must | CIPHER CBC 11 | recommended | recommended | <Not mentioned> | ||
| extended_master_secret | 23 | ✓ | ✓ | ✓ | must | recommended | recommended | <Not mentioned> | |||
| record_size_limit | 28 | <Not mentioned> | <Not mentioned> | optional | <Not mentioned> | ||||||
| session_ticket | 35 | ✓ | ✓ | ✓ | <Not mentioned> | <Not mentioned> | optional | <Not mentioned> | |||
| pre_shared_key | 41 | ✓ | optional | TLS 1.3 12 | <Not mentioned> | optional | <Not mentioned> | ||||
| early_data 13 | 42 | ✓ | not recommended | <Not mentioned> | not recommended | <Not mentioned> | |||||
| supported_versions | 43 | ✓ | must | TLS 1.3 14 | <Not mentioned> | recommended | <Not mentioned> | ||||
| cookie | 44 | ✓ | must | TLS 1.3 15 | <Not mentioned> | optional | <Not mentioned> | ||||
| psk_key_exchange_modes | 45 | ✓ | must | TLS 1.3 and EXTENSION 41 16 | <Not mentioned> | optional | <Not mentioned> | ||||
| certificate_authorities | 47 | ✓ | <Not mentioned> | <Not mentioned> | optional | <Not mentioned> | |||||
| oid_filters | 48 | ✓ | <Not mentioned> | <Not mentioned> | optional | <Not mentioned> | |||||
| post_handshake_auth | 49 | ✓ | optional | TLS 1.3 17 | <Not mentioned> | optional | must not | ||||
| signature_algorithms_cert | 50 | ✓ | must | TLS 1.3 and NOTE_DISABLED if this condition results as an ERROR "must be enabled" it may be a false positive. It is caused by the web-server not asking the certificate to the client not allowing the tool to verify whether the extension is supported 18 | optional | NOTE_ENABLED This field's level is not explicitly mentioned in the guidelines. If you want to use it in order for the web-server to be compliant with BSI guidelines you should enabled all the signature algorithms reccommended by BSI and also enable the rsa_pkcs1_sha256, rsa_pkcs1_sha384 and rsa_pkcs1_sha512 signature algorithms | optional | <Not mentioned> | |||
| signature_algorithms_cert | 50 | ✓ | recommended | TLS 1.2 and NOTE_DISABLED if this condition results as an ALERT "should be enabled" it may be a false positive. It is caused by the web-server not asking the certificate to the client not allowing the tool to verify whether the extension is supported 19 | optional | NOTE_ENABLED This field's level is not explicitly mentioned in the guidelines. If you want to use it in order for the web-server to be compliant with BSI guidelines you should enabled all the signature algorithms reccommended by BSI and also enable the rsa_pkcs1_sha256, rsa_pkcs1_sha384 and rsa_pkcs1_sha512 signature algorithms | optional | <Not mentioned> | |||
| key_share | 51 | ✓ | must | TLS 1.3 20 | <Not mentioned> | recommended | <Not mentioned> | ||||
| renegotiation_info | 65281 | ✓ | ✓ | ✓ | must | recommended | recommended | must |
Footnotes
-
4.4
Extensions not needed --> should not be enabled. ↩
-
the server communicates with memory-constrained clients (e.g., low-memory client devices in the Internet of Things) AND the server has been issued certificates by multiple CAs ↩
-
the server communicates with constrained-device clients, cipher suites that use CBC mode are supported, and the server implementation does not support variable-length padding ↩
-
Inferred by the configuration generator provided by Mozilla. The presence of SSLUseStapling and SSLStaplingCache directives enable the status_request extension ↩
-
See supported groups sheet ↩
-
the server supports ephemeral ECDH cipher suites or if the server supports TLS 1.3 ↩
-
the server supports EC cipher suites ↩
-
Multiple Certificate Status extension ↩
-
status information for the server’s certificate is available via OCSP AND the extension is supported by the server implementation ↩
-
the server’s certificate was issued by a publicly trusted CA and the certificate does not include a Signed Certificate Timestamps List extension ↩
-
the server is configured to negotiate CBC cipher suites ↩
-
the server supports TLS 1.3 ↩
-
0-RTT data ↩
-
the server supports TLS 1.3 ↩
-
the server supports TLS 1.3 ↩
-
the server supports TLS 1.3 and the Pre-Sared Key extension ↩
-
the server supports TLS 1.3 ↩
-
the server supports TLS 1.3 ↩
-
the server supports TLS 1.2 ↩
-
the server supports TLS 1.3 ↩