Transport Layer Security
===TLS 1.2===
TLS 1.2 was defined in {{IETF RFC|5246}} in August 2008.{{Ref RFC|5246}} It is based on the earlier TLS 1.1 specification. Major differences include:
*The [[MD5]] and [[SHA-1]] combination in the [[Pseudorandom function family|pseudorandom function]] (PRF) was replaced with [[SHA-256]], with an option to use [[cipher suite]]-specified PRFs.
*The MD5 and SHA-1 combination in the finished message [[Hash function|hash]] was replaced with SHA-256, with an option to use cipher suite-specific hash algorithms. However, the size of the hash in the finished message must still be at least 96 [[bit]]s.{{Ref RFC|5246|rsection=7.4.9}}
*The MD5 and SHA-1 combination in the digitally signed element was replaced with a single hash negotiated during [[Handshake (computing)|handshake]], which defaults to SHA-1.
*Enhancement in the client's and server's ability to specify which hashes and signature algorithms they accept.
*Expansion of support for [[authenticated encryption]] ciphers, used mainly for [[Galois/Counter Mode]] (GCM) and [[CCM mode]] of [[Advanced Encryption Standard]] (AES) encryption.
*TLS Extensions definition and AES cipher suites were added.<ref name="urlnvlpubs.nist.gov" />

All TLS versions were further refined in {{IETF RFC|6176}} in March 2011, removing their backward compatibility with SSL such that TLS sessions never negotiate the use of Secure Sockets Layer (SSL) version 2.0.

As of April 2025 there is no formal date for TLS 1.2 to be deprecated. The specifications for TLS 1.2 were also redefined by the Standards Track document {{IETF RFC|8446}} to keep it as secure as possible; it is now to be seen as a failover protocol, meant only to be negotiated with clients that are unable to talk over TLS 1.3. (The original RFC 5246 definition of TLS 1.2 has been obsolete since then.)
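The SHA-256 PRF and the 96-bit finished message described in the list above can be worked through in a few lines of Python. This is an added example, not part of the article or of any TLS library; it follows the PRF construction of RFC 5246 section 5 and the verify_data computation of section 7.4.9, and the function names, the sample master secret and the sample transcript bytes are constructed for illustration.

```python
import hashlib
import hmac

VERIFY_DATA_LEN = 12  # 96 bits: the minimum (and default) finished hash size

def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash expansion instantiated with HMAC-SHA-256."""
    out = b""
    a = seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF(secret, label, seed) = P_SHA256(secret, label + seed)."""
    return p_sha256(secret, label + seed, length)

def finished_verify_data(master_secret: bytes, handshake_messages: bytes,
                         sender: str) -> bytes:
    """verify_data = PRF(master_secret, label, SHA-256(transcript))[0..11]."""
    label = b"client finished" if sender == "client" else b"server finished"
    transcript_hash = hashlib.sha256(handshake_messages).digest()
    return prf(master_secret, label, transcript_hash, VERIFY_DATA_LEN)

def check_finished(master_secret: bytes, handshake_messages: bytes,
                   sender: str, received: bytes) -> bool:
    """Constant-time comparison of the peer's verify_data with our own."""
    expected = finished_verify_data(master_secret, handshake_messages, sender)
    return hmac.compare_digest(expected, received)

# Constructed sample values (not from a real handshake).
SAMPLE_MASTER_SECRET = bytes(range(48))  # a master secret is 48 bytes
SAMPLE_TRANSCRIPT = b"constructed handshake transcript bytes"

if __name__ == "__main__":
    vd = finished_verify_data(SAMPLE_MASTER_SECRET, SAMPLE_TRANSCRIPT, "client")
    print("client verify_data:", vd.hex(), f"({len(vd) * 8} bits)")
    # Any change to the transcript must make the finished check fail.
    tampered = SAMPLE_TRANSCRIPT + b"\x00"
    print("tampered transcript accepted:",
          check_finished(SAMPLE_MASTER_SECRET, tampered, "client", vd))
```

Because the finished value covers a hash of every handshake message, a peer that sees a mismatch knows the negotiation was altered in transit and aborts the connection.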