Archived
TD0189: NIT Technical Decision for SSH Server Encryption Algorithms
Publication Date
2017.04.10
Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0
Other References
NDcPP V1.0, FWcPP V1.0, FCS_SSHC_EXT.1.4, FCS_SSHS_EXT.1.4
Issue Description
The Network Interpretations Team (NIT) has issued a technical decision regarding SSH Server Encryption Algorithms. Resolution
To align with NIT interpretation # 201669, FCS_SSHC_EXT.1.4 and FCS_SSHS_EXT.1.4 shall therefore be modified as follows: "The TSF shall ensure that the SSH transport implementation uses the following encryption algorithms and rejects all other encryption algorithms: [selection: aes128-cbc, aes256-cbc, AEAD_AES_128_GCM, AEAD_AES_256_GCM]." The corresponding application notes shall be modified as follows: "RFC 5647 specifies the use of the AEAD_AES_128_GCM and AEAD_AES_256_GCM algorithms in SSH. As described in RFC 5647, AEAD_AES_128_GCM and AEAD_AES_256_GCM can only be chosen as encryption algorithms when the same algorithm is being used as the MAC algorithm. Corresponding FCS_COP entries are included in the ST for the algorithms selected here." For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201669.pdf Justification
See issue description. |