TD0657: IPSEC_EXT.1.6 GCM support for VPN GW
FCS_IPSEC_EXT.1.6 in MOD_VPNGW_V1.2 incorrectly labeled two AES-GCM algorithms as AES-CBC.
FCS_IPSEC_EXT.1.6 in MOD_VPNGW_V1.2 is modified as follows, with strikethrough denoting deletions and underline denoting additions:
FCS_IPSEC_EXT.1.6 The TSF shall ensure the encrypted payload in the [selection: IKEv1, IKEv2] protocol uses the cryptographic algorithms [selection: AES-CBC-128, AES-CBC-192, AES-CBC-256 (specified in RFC 3602), AES-GCM-128,
Application Note: This element is
RFC 5282 specifically calls out AES-GCM-192 as not recommended, so it should be removed from an option.