NIAP: View Technical Decision Details
Archived TD0318:  Move RSA Ciphers from Mandatory to Selectable in MDM

Publication Date
2018.04.24

Protection Profiles
PP_MDM_V3.0

Other References
FCS_TLSC_EXT.1.1, FCS_TLSS_EXT.1.1

Issue Description

In PP_MDM_v3.0, FCS_TLSC_EXT.1.1 and FCS_TLSS_EXT.1.1 mandate support for the TLS_RSA_WITH_AES_128_CBC_SHA and TLS_RSA_WITH_AES_256_CBC_SHA cipher suites. These cipher suites are being removed as mandatory and will become optional cipher suite selections.

Resolution

20180920 - Additional ciphersuites added.

FCS_TLSC_EXT.1.1 and FCS_TLSS_EXT.1.1 are modified as follows:

FCS_TLSC_EXT.1.1 The [selection: TSF, TOE platform] shall implement TLS 1.2 (RFC 5246) and [selection: TLS 1.0 (RFC 2246), TLS 1.1 (RFC 4346), no other version] supporting the following ciphersuites:

[selection:

    • TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
    • TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
    • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
    • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
].

Application Note: The TLS Client is required for MDM Agents in the TOE and may be included in MDM Servers in order to support Enrollment over Secure Transport (Appendix C.2.2). The ciphersuites to be tested in the evaluated configuration are limited by this requirement; however, this requirement does not restrict the TOE's ability to propose (in its Client Hello) additional ciphersuites beyond the ones listed in this requirement. Put simply, the TOE may propose any ciphersuite; however, the evaluation will only test the ciphersuites in the above list. It is recognized that RFC 5246 mandates the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA, but this cipher suite is not tested with this requirement. The ST author should select the ciphersuites that are supported. It is necessary to limit the ciphersuites that can be used in an evaluated configuration administratively on the server in the test environment. The Suite B algorithms listed above (RFC 6460) are the preferred algorithms for implementation.


These requirements will be revisited as new TLS versions are standardized by the IETF. If any ciphersuites are selected using ECDHE, then FCS_TLSC_EXT.3 is required.

FCS_TLSS_EXT.1.1 The [selection: MDM Server, MDM Server platform] shall implement TLS 1.2 (RFC 5246) and [selection: TLS 1.0 (RFC 2246), TLS 1.1 (RFC 4346), no other version] supporting the following ciphersuites:

[selection:

    • TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
    • TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
    • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
    • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
    • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
    • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
    • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
    • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
    • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
    • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
    • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
    • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
    • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
    • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
].

Application Note: The MDM Server must support all versions of TLS supported by evaluated Agents listed in the ST as supported in the MDM System.

The ciphersuites to be tested in the evaluated configuration are limited by this requirement. It is recognized that RFC 5246 mandates the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA, but this cipher suite is not tested with this requirement. The ST author should select the ciphersuites that are supported. If administrative steps need to be taken so that the suites negotiated by the implementation are limited to those in this requirement, the appropriate instructions need to be contained in the guidance called for by AGD_OPE. FMT_SMF.1 addresses configuration of the ciphersuite to be used for connections. The Suite B algorithms listed above (RFC 6460) are the preferred algorithms for implementation.

These requirements will be revisited as new TLS versions are standardized by the IETF.
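The following is an added example, not part of the Technical Decision: one way to check the cipher_suites field of a captured Client Hello against the selection list shared by FCS_TLSC_EXT.1.1 and FCS_TLSS_EXT.1.1, and to flag when a selected ECDHE suite brings FCS_TLSC_EXT.3 into scope. The numeric code points come from the IANA TLS Cipher Suites registry rather than from this page, and the function names and the sample bytes are constructed for illustration.

```python
import struct

# IANA code points (assumption: not on the page) for the 14 suites in the selection.
SELECTION = {
    0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
    0x003D: "TLS_RSA_WITH_AES_256_CBC_SHA256",
    0x0067: "TLS_DHE_RSA_WITH_AES_128_CBC_SHA256",
    0x006B: "TLS_DHE_RSA_WITH_AES_256_CBC_SHA256",
    0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384",
    0x009F: "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    0xC023: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256",
    0xC024: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384",
    0xC027: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256",
    0xC028: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384",
    0xC02B: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
    0xC02C: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
    0xC02F: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    0xC030: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
}
# The two suites the Issue Description names as no longer mandatory.
NO_LONGER_MANDATORY = {
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
}

def parse_cipher_suites(field: bytes) -> list[int]:
    """Decode a Client Hello cipher_suites vector: uint16 length, then uint16 codes."""
    if len(field) < 2:
        raise ValueError("truncated cipher_suites vector")
    (length,) = struct.unpack("!H", field[:2])
    body = field[2:]
    if length != len(body) or length % 2 or length == 0:
        raise ValueError("malformed cipher_suites vector")
    return [code for (code,) in struct.iter_unpack("!H", body)]

def audit(codes: list[int]) -> dict:
    """Split offered suites into those in the selection and those outside it."""
    tested = [SELECTION[c] for c in codes if c in SELECTION]
    outside = [NO_LONGER_MANDATORY.get(c, f"0x{c:04X}")
               for c in codes if c not in SELECTION]
    return {"tested": tested,
            "outside_selection": outside,
            # A selected ECDHE suite makes FCS_TLSC_EXT.3 required (client note).
            "fcs_tlsc_ext_3_required": any("_ECDHE_" in n for n in tested)}

# Constructed sample: a client offering 0xC02F, 0x009D, 0x002F and 0x000A.
SAMPLE = bytes.fromhex("0008" "c02f" "009d" "002f" "000a")

if __name__ == "__main__":
    print(audit(parse_cipher_suites(SAMPLE)))
```

For a client, the `outside_selection` entries are suites the TOE may still propose but that are not tested under this requirement. For a server in the evaluated configuration, they are the suites to disable through the administrative steps documented under AGD_OPE.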

Justification

See issue description.

 
 