INTERNATIONAL STANDARD
ISO/IEC 20648
First edition 2016-03-01

Information technology - TLS specification for storage systems
Technologies de l'information - Spécification TLS pour systèmes de stockage

Reference number ISO/IEC 20648:2016(E)
© ISO/IEC 2016

COPYRIGHT PROTECTED DOCUMENT

© ISO/IEC 2016, Published in Switzerland

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO's member body in the country of the requester.

ISO copyright office
Ch. de Blandonnet 8, CP 401
CH-1214 Vernier, Geneva, Switzerland
Tel. +41 22 749 01 11
Fax +41 22 749 09 47
[email protected]
www.iso.org

Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Overview and concepts
  5.1 General
  5.2 Storage specifications
  5.3 Overview of TLS
    5.3.1 TLS Background
    5.3.2 TLS functionality
    5.3.3 Summary of cipher suites
    5.3.4 X.509 digital certificates
6 Requirements
  6.1 TLS protocol requirements
  6.2 Cipher suites
    6.2.1 Required cipher suites for interoperability
    6.2.2 Recommended cipher suites for enhanced security
  6.3 Digital certificates
7 Guidance for the implementation and use of TLS in data storage
  7.1 Digital certificates
    7.1.1 Certificate model
    7.1.2 Chain of trust
    7.1.3 Certificate lifecycle
    7.1.4 Revocation
  7.2 Security awareness
  7.3 Cipher suites
  7.4 Using TLS with HTTP
  7.5 Use of pre-shared keys
Bibliography
ISO IEC 20648 2016 Information technology — TLS specification for storage systems