{"draft":"draft-ietf-opsawg-tacacs-tls13-24","doc_id":"RFC9887","title":"Terminal Access Controller Access-Control System Plus (TACACS+) over TLS 1.3","authors":["T. Dahm","J. Heasley","D.C. Medway Gash","A. Ota"],"format":["HTML","TEXT","PDF","XML"],"page_count":"15","pub_status":"PROPOSED STANDARD","status":"PROPOSED STANDARD","source":"Operations and Management Area Working Group","abstract":"This document specifies the use of Transport Layer Security (TLS)\r\nversion 1.3 to secure the communication channel between a Terminal\r\nAccess Controller Access-Control System Plus (TACACS+) client and\r\nserver. TACACS+ is a protocol used for Authentication, Authorization,\r\nand Accounting (AAA) in networked environments. The original TACACS+\r\nprotocol does not mandate the use of encryption or secure transport.\r\nThis specification defines a profile for using TLS 1.3 with TACACS+,\r\nincluding guidance on authentication, connection establishment, and\r\noperational considerations. The goal is to enhance the\r\nconfidentiality, integrity, and authenticity of TACACS+ traffic,\r\naligning the protocol with modern security best practices.\r\n\r\nThis document updates RFC 8907.","pub_date":"December 2025","keywords":["TACACS+"],"obsoletes":[],"obsoleted_by":[],"updates":["RFC8907"],"updated_by":[],"see_also":[],"doi":"10.17487\/RFC9887","errata_url":null}