NIAP: View Technical Decision Details
Archived TD0283:  Cipher Suites for TLS in SWApp v1.2

Publication Date
2018.01.26

Protection Profiles
PP_APP_v1.2

Other References
FCS_TLSC_EXT.1; FCS_TLSS_EXT.1

Issue Description

In PP_APP_v1.2, FCS_TLSC_EXT.1.1 and FCS_TLSS_EXT.1.1 mandate support for the TLS_RSA_WITH_AES_128_CBC_SHA cipher suite. This cipher suite is being removed as mandatory and will become an optional cipher suite selection.

Resolution

FCS_TLSC_EXT.1.1

The mandatory cipher suite selections will be removed from the PP, and TLS_RSA_WITH_AES_128_CBC_SHA will be moved into the list of selectable cipher suites.
 
FCS_TLSC_EXT.1.1 is modified as follows:

FCS_TLSC_EXT.1.1
The application shall [selection: invoke platform-provided TLS 1.2, implement TLS 1.2 (RFC 5246) ] supporting the following cipher suites:
[selection:

ο TLS_RSA_WITH_AES_128_CBC_SHA as defined in RFC 5246
ο TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
ο TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
ο TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
ο TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
ο TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
ο TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
ο TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
ο TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
ο TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
ο TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
ο TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
ο TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
ο TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
ο TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289]
 
and no other cipher suite.


This requirement depends upon selection in FTP_DIT_EXT.1.1.

Application Note:
The cipher suites to be tested in the evaluated configuration are limited by this requirement. It is necessary to limit the cipher suites that can be used in an evaluated configuration administratively on the server in the test environment. The Suite B algorithms listed above (RFC 6460) are the preferred algorithms for implementation. TLS_RSA_WITH_AES_128_CBC_SHA is mandatory in RFC 5246, but has been moved to the selection-based ciphersuites for this Protection Profile. These requirements will be revisited as new TLS versions are standardized by the IETF. If any cipher suites are selected using ECDHE, then FCS_TLSC_EXT.4 is required. If "implement TLS 1.2 (RFC 5246)" is selected, then FCS_CKM.2, FCS_CKM_EXT.1, FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), and FCS_COP.1(4) are required.

When "invoke platform-provided TLS 1.2" is selected, it may be the case that the application is being claimed to run on more than one platform, and the underlying platforms support different sets of ciphersuites that are subsets of the ciphersuites listed in the selection for the SFR. In this case, it is expected that the ST author iterate this requirement for each platform or set of platforms; each iteration would have the set of ciphersuites implemented by the platform(s). Note this is only necessary if the application wants to make a distinction; otherwise, the least common set of ciphersuites can be specified in the single SFR. Also note that the testing requirements would be applied to each iteration (meaning application/platform combination) during the evaluation.

------

 

FCS_TLSS_EXT.1.1


The mandatory cipher suite selections will be removed from the PP, and TLS_RSA_WITH_AES_128_CBC_SHA will be moved into the list of selectable cipher suites. Additionally, two ciphersuites are added for consistency with FCS_TLSC_EXT.1.1.


FCS_TLSS_EXT.1.1 is modified as follows:

 
FCS_TLSS_EXT.1.1
The application shall [selection: invoke platform-provided TLS 1.2, implement TLS 1.2 (RFC 5246) ] supporting the following cipher suites:
[selection:

ο TLS_RSA_WITH_AES_128_CBC_SHA as defined in RFC 5246
ο TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
ο TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
ο TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
ο TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
ο TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
ο TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
ο TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
ο TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
ο TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
ο TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
ο TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
ο TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
ο TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
ο TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289]
 
and no other cipher suite.

This requirement depends upon selection in FTP_DIT_EXT.1.1.

Application Note: The cipher suites to be tested in the evaluated configuration are limited by this requirement. It is necessary to limit the cipher suites that can be used in an evaluated configuration administratively on the server in the test environment. The Suite B algorithms listed above (RFC 6460) are the preferred algorithms for implementation. TLS_RSA_WITH_AES_128_CBC_SHA is mandatory in RFC 5246, but has been moved to the selection-based ciphersuites for this Protection Profile. These requirements will be revisited as new TLS versions are standardized by the IETF. If any cipher suites are selected using ECDHE, then FCS_TLSC_EXT.4 is required. If "implement TLS 1.2 (RFC 5246)" is selected, then FCS_CKM.2.1, FCS_COP.1.1(1), FCS_COP.1.1(2), FCS_COP.1.1(3), and FCS_COP.1.1(4) are required.

When "invoke platform-provided TLS 1.2" is selected, it may be the case that the application is being claimed to run on more than one platform, and the underlying platforms support different sets of ciphersuites that are subsets of the ciphersuites listed in the selection for the SFR. In this case, it is expected that the ST author iterate this requirement for each platform or set of platforms; each iteration would have the set of ciphersuites implemented by the platform(s). Note this is only necessary if the application wants to make a distinction; otherwise, the least common set of ciphersuites can be specified in the single SFR. Also note that the testing requirements would be applied to each iteration (meaning application/platform combination) during the evaluation.
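
The per-platform iteration described in the application notes for FCS_TLSC_EXT.1.1 and FCS_TLSS_EXT.1.1 can be worked through mechanically. The following is an added example, not part of the NIAP text: it checks each platform's offered suites against the TD0283 selection list, derives the per-platform iteration and the common set, and applies the ECDHE dependency. The platform names and their offered suites are constructed sample input.

```python
import re

# Selection list of FCS_TLSC_EXT.1.1 / FCS_TLSS_EXT.1.1 as modified by TD0283.
TD0283_SUITES = frozenset("""
TLS_RSA_WITH_AES_128_CBC_SHA             TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256          TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256      TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384      TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256    TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384    TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384  TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
""".split())

def normalize(name):
    """Drop stray whitespace and case differences in a suite name."""
    return re.sub(r"\s+", "", name).upper()

def audit(platforms):
    """Map platform -> suites usable in its SFR iteration and suites to disable."""
    report = {}
    for platform, offered in platforms.items():
        offered = {normalize(s) for s in offered}
        report[platform] = {
            "sfr_iteration": sorted(offered & TD0283_SUITES),
            "must_disable": sorted(offered - TD0283_SUITES),  # "and no other cipher suite"
        }
    return report

def common_set(report):
    """Suites every platform supports: the single-SFR alternative to iterating."""
    sets = [set(r["sfr_iteration"]) for r in report.values()]
    return sorted(set.intersection(*sets)) if sets else []

def needs_ecdhe_sfr(suites):
    """The application note requires FCS_TLSC_EXT.4 once any ECDHE suite is selected."""
    return any("_ECDHE_" in s for s in suites)

# Constructed sample input: hypothetical platforms and the suites their TLS 1.2 stacks offer.
PLATFORMS = {
    "platform_a": ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                   "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
    "platform_b": ["TLS_RSA_WITH_AES_128_CBC_SHA", "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                   "TLS_DHE_RSA_WITH_AES_256_GCM_ SHA384",
                   "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256"],
}

if __name__ == "__main__":
    report = audit(PLATFORMS)
    for platform, result in report.items():
        print(platform, result)
    print("common:", common_set(report), "ECDHE SFR:", needs_ecdhe_sfr(common_set(report)))
```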

 

Justification

See Issue Description.

 
 