TD0741: Arbitrary Ciphers in FCS_TTTC/S_EXT
Publication Date
2023.05.26
Protection Profiles
MOD_STIP_V1.1
Other References
Section 5.2.3, FCS_TTTC_EXT.1.1, TTTS_EXT.1.1
Issue Description
Assignment for other ciphersuites supported is intended for ciphersuites not defined in FIPS and should not be used to introduce ciphersuites that are publicly known to be weak or cannot be securely implemented. Resolution
The Application Note for FCS_TTTC_EXT.1.1, in Section 5.2.3 of MOD_STIP_V1.1, is modified as follows, with strikethrough denoting deletion and bold underline denoting addition: Application Note: TLS version 1.2 and 1.0 must be supported; support for TLS version 1.1 is optional, and should be chosen if the STIP supports it. The list of cipher suites to support is mandatory but includes some selections in order to support legacy servers that may be required by the monitored clients; additional cipher suites that have not been publicly designated as weak and that do not have appropriate mitigations that ensure a secure implementation may The order of the cipher suites above should be maintained in the ST; FCS_TTTC_EXT.1.4 indicates that the cipher suites are presented in order of preference in the Client Hello sent to the requested server, and that preference is defined as the order in the above SFR. In particular, any additional ciphersuites included in the assignment should be in preference order, and included in the client hello message as lower preference than the required ciphersuites. The above list (as instantiated in the ST) limits the cipher suites that may be proposed by the TOE to the requested server. Behavior if the requested server responds with a cipher suite that is not offered The selection should indicate if mutual authentication and/or session renegotiation is supported. These selections must be the same for both FCS_TTTC_EXT.1.1 and FCS_TTTS_EXT.1.1. If mutual authentication is selected, the requirements in Section B.4 will be included by the ST author. For this technology, mutual authentication is not desirable on these connections because the STIP will have to issue a certificate representing the client to the requested server, and the server will have to have a trust anchor for that certificate. If session renegotiation is selection, FCS_TTTC_EXT.4 from Section B.5 will be included by the ST author. The data encryption and decryption algorithms used in this element are performed in accordance with FCS_COP.1/STIP. The Application Note for FCS_TTTS_EXT.1.1, in Section 5.2.3 of MOD_STIP_V1.1, is modified as follows, with strikethrough denoting deletion and bold underline denoting addition: Application Note: TLS version 1.2 and 1.0 must be supported; support for TLS version 1.1 is optional, and should be chosen if the STIP supports it. The list of cipher suites to support is mandatory but includes some selections in order to support legacy clients that may be required by the organization; additional cipher suites that have not been publicly designated as weak and that do not have appropriate mitigations that ensure a secure implementation may The above list (as instantiated in the ST) limits the cipher suites that may be specified by the TOE when responding to the monitored client. The data encryption and decryption algorithms used in this element are performed in accordance with FCS_COP.1/STIP. The selection should indicate if mutual authentication and/or session renegotiation is supported. These selections must be the same for both FCS_TTTC_EXT.1.1 and FCS_TTTS_EXT.1.1. If mutual authentication is selected, the requirements in Section B.4 will be included by the ST author. For this technology, mutual authentication is not desirable on these connections because the STIP will have to issue a certificate representing the client to the requested server, and the server will have to have a trust anchor for that certificate. If session renegotiation is selected, FCS_TTTS_EXT.4 in section B.5 will be included by the ST author. The data encryption and decryption algorithms used in this element are performed in accordance with FCS_COP.1/STIP.
Justification
See Issue Description. |