NIAP: View Technical Decision Details
TD0741:  Arbitrary Ciphers in FCS_TTTC/S_EXT

Publication Date
2023.05.26

Protection Profiles
MOD_STIP_V1.1

Other References
Section 5.2.3, FCS_TTTC_EXT.1.1, TTTS_EXT.1.1

Issue Description

Assignment for other ciphersuites supported is intended for ciphersuites not defined in FIPS and should not be used to introduce ciphersuites that are publicly known to be weak or cannot be securely implemented.

Resolution

The Application Note for FCS_TTTC_EXT.1.1, in Section 5.2.3 of MOD_STIP_V1.1, is modified as follows, with strikethrough denoting deletion and bold underline denoting addition:

Application Note: TLS version 1.2 and 1.0 must be supported; support for TLS version 1.1 is optional, and should be chosen if the STIP supports it. The list of cipher suites to support is mandatory but includes some selections in order to support legacy servers that may be required by the monitored clients; additional cipher suites that have not been publicly designated as weak and that do not have appropriate mitigations that ensure a secure implementation ~~may~~ can be ~~added~~ included in the assignment. In particular, 'null,' 'export,' 'anon,' ciphersuites or cipher suites including RC4, MD5, DES_CBC or IDEA should not be included. It is expected that any weaknesses associated with supported ciphersuites included in the assignment be accompanied by references to mitigating implementation guidance enforced by the TOE.

The order of the cipher suites above should be maintained in the ST; FCS_TTTC_EXT.1.4 indicates that the cipher suites are presented in order of preference in the Client Hello sent to the requested server, and that preference is defined as the order in the above SFR. In particular, any additional ciphersuites included in the assignment should be in preference order, and included in the client hello message as lower preference than the required ciphersuites.

The above list (as instantiated in the ST) limits the cipher suites that may be proposed by the TOE to the requested server. Behavior if the requested server responds with a cipher suite that is not offered in the list is defined in FDP_TEP_EXT.1.8.

The selection should indicate if mutual authentication and/or session renegotiation is supported. These selections must be the same for both FCS_TTTC_EXT.1.1 and FCS_TTTS_EXT.1.1. If mutual authentication is selected, the requirements in Section B.4 will be included by the ST author. For this technology, mutual authentication is not desirable on these connections because the STIP will have to issue a certificate representing the client to the requested server, and the server will have to have a trust anchor for that certificate. If session renegotiation is selected, FCS_TTTC_EXT.4 from Section B.5 will be included by the ST author. The data encryption and decryption algorithms used in this element are performed in accordance with FCS_COP.1/STIP.

The Application Note for FCS_TTTS_EXT.1.1, in Section 5.2.3 of MOD_STIP_V1.1, is modified as follows, with strikethrough denoting deletion and bold underline denoting addition: 

Application Note: TLS version 1.2 and 1.0 must be supported; support for TLS version 1.1 is optional, and should be chosen if the STIP supports it. The list of cipher suites to support is mandatory but includes some selections in order to support legacy clients that may be required by the organization; additional cipher suites that have not been publicly designated as weak and that do not have appropriate mitigations that ensure a secure implementation ~~may~~ can be ~~added~~ included in the assignment. In particular, 'null,' 'export,' 'anon,' ciphersuites or cipher suites including RC4, MD5, DES_CBC, or IDEA should not be included. It is expected that any weaknesses in the list be accompanied by references to mitigating implementation guidance enforced by the TOE.

The above list (as instantiated in the ST) limits the cipher suites that may be specified by the TOE when responding to the monitored client. The data encryption and decryption algorithms used in this element are performed in accordance with FCS_COP.1/STIP.

The selection should indicate if mutual authentication and/or session renegotiation is supported. These selections must be the same for both FCS_TTTC_EXT.1.1 and FCS_TTTS_EXT.1.1. If mutual authentication is selected, the requirements in Section B.4 will be included by the ST author. For this technology, mutual authentication is not desirable on these connections because the STIP will have to issue a certificate representing the client to the requested server, and the server will have to have a trust anchor for that certificate. If session renegotiation is selected, FCS_TTTS_EXT.4 in section B.5 will be included by the ST author.

The data encryption and decryption algorithms used in this element are performed in accordance with FCS_COP.1/STIP.
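
The exclusion rule in both application notes and the Client Hello ordering rule in the FCS_TTTC_EXT.1.1 note can be checked mechanically against the cipher suite list an ST instantiates. The Python check below is an added example, not part of the Technical Decision or MOD_STIP_V1.1; the function names and both sample lists are assumptions, and it tests only the markers the notes name ('null', 'export', 'anon', RC4, MD5, DES_CBC, IDEA).

```python
# Added example; suite names are IANA TLS names and both sample lists are constructed.
# Markers named in the application notes, as runs of "_"-separated name tokens.
EXCLUDED = {
    "null": ("NULL",), "export": ("EXPORT",), "anon": ("ANON",),
    "RC4": ("RC4",), "MD5": ("MD5",), "DES_CBC": ("DES", "CBC"), "IDEA": ("IDEA",),
}

def excluded_markers(suite):
    """Return the markers from the application notes found in a suite name."""
    tokens = suite.upper().split("_")
    hits = []
    for label, run in EXCLUDED.items():
        n = len(run)
        if any(tuple(tokens[i:i + n]) == run for i in range(len(tokens) - n + 1)):
            hits.append(label)
    return hits

def review_client_hello(required, offered):
    """Check a ClientHello offer: required suites in SFR order and ahead of every
    additional suite, and no additional suite carrying an excluded marker."""
    findings = []
    if [s for s in offered if s in required] != [s for s in required if s in offered]:
        findings.append(("order", "required suites not in SFR preference order"))
    seen_additional = False
    for s in offered:
        if s in required:
            if seen_additional:
                findings.append(("order", f"{s} offered below an additional suite"))
        else:
            seen_additional = True
            hits = excluded_markers(s)
            if hits:
                findings.append(("weak", f"{s}: {', '.join(hits)}"))
    return findings

# Constructed stand-in for the SFR's ordered list (the real list is in MOD_STIP_V1.1).
REQUIRED = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]
# Constructed ClientHello offer containing two problems.
OFFERED = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_CAMELLIA_128_CBC_SHA",      # additional suite placed too high
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_RC4_128_MD5",               # additional suite with RC4 and MD5
]
if __name__ == "__main__":
    print(review_client_hello(REQUIRED, OFFERED))
```

Token matching keeps TLS_RSA_WITH_3DES_EDE_CBC_SHA from being reported as DES_CBC; whether a suite outside the named markers has been publicly designated as weak still has to be judged separately.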

 

Justification

See Issue Description.
