Archived
TD0216: FCS_TLS_EXT.1.1 - TLS_RSA_WITH_AES_128_CBC_SHA Optional Selection
Publication Date
2017.06.13
Protection Profiles
PP_VOIP_V1.3
Other References
FCS_TLS_EXT.1.1; PP_VOIP_V1.3
Issue Description
The PP_VOIP_V1.3 currently mandates support for TLS_RSA_WITH_AES_128_CBC_SHA. This ciphersuite is being deprecated and future PPs can be expected not to have ciphersuites with SHA-1. Resolution
FCS_TLS_EXT.1.1 is modified as follows: TLS_RSA_WITH_AES_128_CBC_SHA is moved from mandatory to optional. The following text is added to the application note: It is recognized that RFC 5246 mandates the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA, but use of SHA-1 for digital signature generation is no longer recommended (see NIST SP 800-131A rev-1 and SP 800-78-4). Subsequent revisions of the PP will not include SHA-1.
FCS_TLSS_EXT.1.1 The [selection, choose at least one of: VoIP client application, client device platform] shall implement one or more of the following protocols [selection: TLS 1.0 (RFC 2246), TLS 1.1 (RFC 4346), TLS 1.2 (RFC 5246)] using mutual authentication with certificates and supporting the following ciphersuites: [selection: TLS_RSA_WITH_AES_128_CBC_SHA as defined in RFC 3268 TLS_RSA_WITH_AES_256_CBC_ SHA256 as defined in RFC 5246
Application Note: The ciphersuites to be tested in the evaluated configuration are limited by this requirement. The ST author should select the ciphersuites that are supported. It is necessary to limit the ciphersuites that can be used in an evaluated configuration administratively on the server in the test environment. The Suite B algorithms listed above (RFC 6460) are the preferred algorithms for implementation. In a future version of this PP TLS v1.2 will be required for all TOEs. It is recognized that RFC 5246 mandates the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA, but use of SHA-1 for digital signature generation is no longer recommended (see NIST SP 800-131A rev-1 and SP 800-78-4). Subsequent revisions of the PP will not include SHA-1. Justification
It is recognized that RFC 5246 mandates the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA, but use of SHA-1 for digital signature generation is no longer recommended (see NIST SP 800-131A rev-1 and SP 800-78-4). |