RFC 9887
Terminal Access Controller Access-Control System Plus (TACACS+) over TLS 1.3, December 2025
- Status:
- PROPOSED STANDARD
- Updates:
- RFC 8907
- Authors:
- T. Dahm
- J. Heasley
- D.C. Medway Gash
- A. Ota
- Stream:
- IETF
- Source:
- opsawg (ops)
DOI: https://doi.org/10.17487/RFC9887
Discuss this RFC: Send questions or comments to the mailing list opsawg@ietf.org
Abstract
This document specifies the use of Transport Layer Security (TLS) version 1.3 to secure the communication channel between a Terminal Access Controller Access-Control System Plus (TACACS+) client and server. TACACS+ is a protocol used for Authentication, Authorization, and Accounting (AAA) in networked environments. The original TACACS+ protocol does not mandate the use of encryption or secure transport. This specification defines a profile for using TLS 1.3 with TACACS+, including guidance on authentication, connection establishment, and operational considerations. The goal is to enhance the confidentiality, integrity, and authenticity of TACACS+ traffic, aligning the protocol with modern security best practices.
This document updates RFC 8907.
For the definition of Status, see RFC 2026.
For the definition of Stream, see RFC 8729.