Archived TD0011: Clarification on FCS_SSH_EXT.1.4
PP_ND_V1.1, PP_ND_V1.1_Err2, requirement FCS_SSH_EXT.1.4
The SFR requires that the SSH transport implementation use specific encryption algorithms. Can the restriction to those algorithms be reliant upon configuration of the SSH client?
No. The restrictions must be implemented by the TOE.
The SFR clearly states that “The TSF shall ensure”. Hence, although a compatible client configuration is necessary for negotiations to succeed, the restrictions must be enforced by the TOE.