NIAP: View Technical Decision Details
Archived TD0216:  FCS_TLS_EXT.1.1 - TLS_RSA_WITH_AES_128_CBC_SHA Optional Selection

Publication Date
2017.06.13

Protection Profiles
PP_VOIP_V1.3

Other References
FCS_TLS_EXT.1.1; PP_VOIP_V1.3

Issue Description

The PP_VOIP_V1.3 currently mandates support for TLS_RSA_WITH_AES_128_CBC_SHA. This ciphersuite is being deprecated and future PPs can be expected not to have ciphersuites with SHA-1.

Resolution

FCS_TLS_EXT.1.1 is modified as follows:

TLS_RSA_WITH_AES_128_CBC_SHA is moved from mandatory to optional.

The following text is added to the application note:

It is recognized that RFC 5246 mandates the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA, but use of SHA-1 for digital signature generation is no longer recommended (see NIST SP 800-131A rev-1 and SP 800-78-4). Subsequent revisions of the PP will not include SHA-1.

 

FCS_TLSS_EXT.1.1

The [selection, choose at least one of: VoIP client application, client device platform] shall implement one or more of the following protocols [selection: TLS 1.0 (RFC 2246), TLS 1.1 (RFC 4346), TLS 1.2 (RFC 5246)] using mutual authentication with certificates and supporting the following ciphersuites:

[selection:

TLS_RSA_WITH_AES_128_CBC_SHA as defined in RFC 3268

TLS_RSA_WITH_AES_256_CBC_SHA as defined in RFC 3268

TLS_DHE_RSA_WITH_AES_128_CBC_SHA as defined in RFC 3268

TLS_DHE_RSA_WITH_AES_256_CBC_SHA as defined in RFC 3268

TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246

TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246

TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246

TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246

TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289

TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289

TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289

TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289

TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 6460

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 6460

TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289

TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289].

 

Application Note:

The ciphersuites to be tested in the evaluated configuration are limited by this requirement. The ST author should select the ciphersuites that are supported. It is necessary to limit the ciphersuites that can be used in an evaluated configuration administratively on the server in the test environment.

The Suite B algorithms listed above (RFC 6460) are the preferred algorithms for implementation.

In a future version of this PP, TLS v1.2 will be required for all TOEs.

It is recognized that RFC 5246 mandates the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA, but use of SHA-1 for digital signature generation is no longer recommended (see NIST SP 800-131A rev-1 and SP 800-78-4). Subsequent revisions of the PP will not include SHA-1.

Justification

It is recognized that RFC 5246 mandates the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA, but use of SHA-1 for digital signature generation is no longer recommended (see NIST SP 800-131A rev-1 and SP 800-78-4).

 
 