NIAP: View Technical Decision Details
NIAP/CCEVS
Archived TD0358:  Cipher Suites for TLS in SWApp v1.2

Publication Date
2018.09.24

Protection Profiles
PP_APP_v1.2

Other References
FCS_TLSC_EXT.1; FCS_TLSS_EXT.1

Issue Description

TD0283 modified FCS_TLSC_EXT.1 to move "no other cipher suite" outside the selection, implying that the TOE must enforce the use of only those cipher suites listed in the SFR.  This interpretation was not intended.

Resolution

Updated 10/10/2018 to remove "If any cipher suites are selected using ECDHE, then FCS_TLSC_EXT.4 is required" from the FCS_TLSS_EXT.1.1 Application Note.

TD0283 is archived and replaced by this TD.

 

FCS_TLSC_EXT.1.1

The mandatory cipher suite selections will be removed from the PP, TLS_RSA_WITH_AES_128_CBC_SHA will be moved as a cipher suite selection, and "no other cipher suite" will be removed after the selection.

 

FCS_TLSC_EXT.1.1

The application shall [selection: invoke platform-provided TLS 1.2, implement TLS 1.2 (RFC 5246) ] supporting the following cipher suites:

[selection:

  • TLS_RSA_WITH_AES_128_CBC_SHA as defined in RFC 5246
  • TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
  • TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
  • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289 
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289].

 

and no other cipher suite.

 

This requirement depends upon selection in FTP_DIT_EXT.1.1.

 

 Application Note:

The cipher suites to be tested in the evaluated configuration are limited by this requirement. It is necessary to limit the cipher suites that can be used in an evaluated configuration administratively on the server in the test environment. If administrative steps need to be taken so that the cipher suites negotiated by the implementation are limited to those in this requirement, then the appropriate instructions need to be contained in the guidance. The Suite B algorithms listed above (RFC 6460) are the preferred algorithms for implementation. TLS_RSA_WITH_AES_128_CBC_SHA is mandatory in RFC 5246, but has been moved to the selection based ciphersuites for this Protection Profile. These requirements will be revisited as new TLS versions are standardized by the IETF. If any cipher suites are selected using ECDHE, then FCS_TLSC_EXT.4 is required. If implement TLS 1.2 (RFC 5246) is selected, then FCS_CKM.2, FCS_CKM_EXT.1, FCS_COP.1(1), FCS_COP.1(2), FCS_COP.1(3), and FCS_COP.1(4) are required.

 

When "invoke platform-provided TLS 1.2" is selected, it may be the case that the application is being claimed to run on more than one platform, and the underlying platforms support different sets of ciphersuites that are subsets of the ciphersuites listed in the selection for the SFR. In this case, it is expected that the ST author iterate this requirement for each platform or set of platforms; each iteration would have the set of ciphersuites implemented by the platform(s). Note this is only necessary if the application wants to make a distinction; otherwise, the least common set of ciphersuites can be specified in the single SFR. Also note that the testing requirements would be applied to each iteration (meaning application/platform combination) during the evaluation.

 

 

FCS_TLSS_EXT.1.1

The mandatory cipher suite selections will be removed from the PP, and TLS_RSA_WITH_AES_128_CBC_SHA will be moved as a cipher suite selection. Additionally, two ciphersuites are added for consistency with FCS_TLSC_EXT.1.1.

 

FCS_TLSS_EXT.1.1

The application shall [selection: invoke platform-provided TLS 1.2, implement TLS 1.2 (RFC 5246) ] supporting the following cipher suites:

[selection:

 

  • TLS_RSA_WITH_AES_128_CBC_SHA as defined in RFC 5246
  • TLS_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
  • TLS_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
  • TLS_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5246
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256 as defined in RFC 5246
  • TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5288
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 as defined in RFC 5289
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 as defined in RFC 5289
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 as defined in RFC 5289
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 as defined in RFC 5289]

 

and no other cipher suite.

 

This requirement depends upon selection in FTP_DIT_EXT.1.1.

 

Application Note: The cipher suites to be tested in the evaluated configuration are limited by this requirement. It is necessary to limit the cipher suites that can be used in an evaluated configuration administratively on the server in the test environment. The Suite B algorithms listed above (RFC 6460) are the preferred algorithms for implementation. TLS_RSA_WITH_AES_128_CBC_SHA is mandatory in RFC 5246, but has been moved to the selection based ciphersuites for this Protection Profile. These requirements will be revisited as new TLS versions are standardized by the IETF. If any cipher suites are selected using ECDHE, then FCS_TLSC_EXT.4 is required. If implement TLS 1.2 (RFC 5246) is selected, then FCS_CKM.2.1, FCS_COP.1.1(1), FCS_COP.1.1(2), FCS_COP.1.1(3), and FCS_COP.1.1(4) are required.

 

When "invoke platform-provided TLS 1.2" is selected, it may be the case that the application is being claimed to run on more than one platform, and the underlying platforms support different sets of ciphersuites that are subsets of the ciphersuites listed in the selection for the SFR. In this case, it is expected that the ST author iterate this requirement for each platform or set of platforms; each iteration would have the set of ciphersuites implemented by the platform(s). Note this is only necessary if the application wants to make a distinction; otherwise, the least common set of ciphersuites can be specified in the single SFR. Also note that the testing requirements would be applied to each iteration (meaning application/platform combination) during the evaluation.
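The per-platform iteration described in the two Application Notes (client and server) can be worked through mechanically. The following is an added example, not part of the Technical Decision or any NIAP tooling: the function name, the platform names and the suite lists in `PLATFORMS` are constructed for illustration, and the example goes slightly beyond the note by also reporting platform suites that fall outside the selection and would have to be limited administratively.

```python
# Added example; the selection list is copied from the SFR text on this page.
SFR_SELECTION = frozenset("""
TLS_RSA_WITH_AES_128_CBC_SHA TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256 TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
""".split())

def plan_iterations(platform_suites):
    """Hypothetical helper: map {platform: enabled suites} to
    (claimable suites per iteration, suites to disable, common set)."""
    if not platform_suites:
        raise ValueError("at least one platform is required")
    claim, disable = {}, {}
    for name, enabled in platform_suites.items():
        enabled = set(enabled)
        # Only suites in the SFR selection can appear in an iteration.
        claim[name] = sorted(enabled & SFR_SELECTION)
        # Anything else must be limited administratively (per the guidance).
        disable[name] = sorted(enabled - SFR_SELECTION)
        if not claim[name]:
            raise ValueError(f"{name}: no enabled suite is in the selection")
    # "Least common set": usable in a single SFR only if it is non-empty.
    common = sorted(set.intersection(*(set(v) for v in claim.values())))
    return claim, disable, common

# Constructed platform inventories (not real platform defaults).
PLATFORMS = {
    "platform_a": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
                   "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                   "TLS_RSA_WITH_AES_128_CBC_SHA",
                   "TLS_RSA_WITH_3DES_EDE_CBC_SHA"],
    "platform_b": ["TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
                   "TLS_RSA_WITH_AES_128_CBC_SHA",
                   "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384"],
}

if __name__ == "__main__":
    claim, disable, common = plan_iterations(PLATFORMS)
    for name in PLATFORMS:
        print(name, "claim:", claim[name], "disable:", disable[name])
    print("single-SFR common set:", common)
```

An empty common set means a single SFR cannot cover every platform, so the requirement has to be iterated per platform.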

 

Justification

See issue description

 
 