NIAP: View Technical Decision Details
Archived TD0447:  NIT Technical Decision for Using 'diffie-hellman-group-exchange-sha256' in FCS_SSHC/S_EXT.1.7

Publication Date

Protection Profiles

Other References

Issue Description

The NIT has issued a technical decision for using 'diffie-hellman-group-exchange-sha256' in FCS_SSHC/S_EXT.1.7.


The NIT understands that if an open key exchange group is used and then restricted to a specific cipher, the TOE would behave like a TOE in which a specific key exchange group is implemented. However, the restriction to acceptable key exchange groups depends on proper configuration of the TOE. From the NIT’s perspective, the correct configuration would need to be tested to avoid the use of weak key exchange groups due to misconfiguration. The related Supporting Documents (i.e. ND SD V2.0e and ND SD V2.1) do not foresee such testing. Since NDcPP requires exact conformance and the ND SD does not provide sufficient evaluation activities for the proposed approach, the NIT is of the opinion that the proposed approach is not suitable to fulfill the requirements in FCS_SSHC_EXT.1.7/FCS_SSHS_EXT.1.7.

For further information, please see the NIT interpretation at:


See issue description
