Archived TD0189: NIT Technical Decision for SSH Server Encryption Algorithms
NDcPP V1.0, FWcPP V1.0, FCS_SSHC_EXT.1.4, FCS_SSHS_EXT.1.4
The Network Interpretations Team (NIT) has issued a technical decision regarding SSH Server Encryption Algorithms.
To align with NIT interpretation # 201669, FCS_SSHC_EXT.1.4 and FCS_SSHS_EXT.1.4 shall therefore be modified as follows:
"The TSF shall ensure that the SSH transport implementation uses the following encryption algorithms and rejects all other encryption algorithms: [selection: aes128-cbc, aes256-cbc, AEAD_AES_128_GCM, AEAD_AES_256_GCM]."
The corresponding application notes shall be modified as follows:
"RFC 5647 specifies the use of the AEAD_AES_128_GCM and AEAD_AES_256_GCM algorithms in SSH. As described in RFC 5647, AEAD_AES_128_GCM and AEAD_AES_256_GCM can only be chosen as encryption algorithms when the same algorithm is being used as the MAC algorithm. Corresponding FCS_COP entries are included in the ST for the algorithms selected here."
For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201669.pdf
See issue description.