NIAP: View Technical Decision Details
Archived TD0189:  NIT Technical Decision for SSH Server Encryption Algorithms

Publication Date
2017.04.10

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
NDcPP V1.0, FWcPP V1.0, FCS_SSHC_EXT.1.4, FCS_SSHS_EXT.1.4

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision regarding SSH Server Encryption Algorithms.

Resolution

To align with NIT interpretation # 201669, FCS_SSHC_EXT.1.4 and FCS_SSHS_EXT.1.4 shall therefore be modified as follows:

"The TSF shall ensure that the SSH transport implementation uses the following encryption algorithms and rejects all other encryption algorithms: [selection: aes128-cbc, aes256-cbc, AEAD_AES_128_GCM, AEAD_AES_256_GCM]."

The corresponding application notes shall be modified as follows:

"RFC 5647 specifies the use of the AEAD_AES_128_GCM and AEAD_AES_256_GCM algorithms in SSH. As described in RFC 5647, AEAD_AES_128_GCM and AEAD_AES_256_GCM can only be chosen as encryption algorithms when the same algorithm is being used as the MAC algorithm. Corresponding FCS_COP entries are included in the ST for the algorithms selected here."

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201669.pdf
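
An added example, not part of the NIAP text: a Python check that parses a captured SSH_MSG_KEXINIT payload (layout per RFC 4253, section 7.1) and flags offered encryption algorithms outside the modified selection, as well as AEAD names offered for encryption without the same name in the MAC list for that direction. The function names, the sample payload and the offer-level reading of the RFC 5647 pairing rule are assumptions made for this example.

```python
import struct

# Selection from FCS_SSHC_EXT.1.4 / FCS_SSHS_EXT.1.4 as modified by this TD.
ALLOWED_ENC = {"aes128-cbc", "aes256-cbc", "AEAD_AES_128_GCM", "AEAD_AES_256_GCM"}
AEAD = {"AEAD_AES_128_GCM", "AEAD_AES_256_GCM"}
# The ten name-lists of SSH_MSG_KEXINIT, in wire order (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Split a KEXINIT payload (message byte 20 + 16-byte cookie + name-lists)."""
    if len(payload) < 17 or payload[0] != 20:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    offset, lists = 17, {}
    for field in FIELDS:
        if offset + 4 > len(payload):
            raise ValueError("truncated before " + field)
        (length,) = struct.unpack_from(">I", payload, offset)
        offset += 4
        if offset + length > len(payload):
            raise ValueError("name-list overruns payload: " + field)
        raw = payload[offset:offset + length].decode("ascii")
        lists[field] = raw.split(",") if raw else []
        offset += length
    return lists

def audit(lists: dict, selected=frozenset(ALLOWED_ENC)) -> list:
    """Return findings for one peer's offer; an empty list means it conforms."""
    findings = []
    for direction in ("c2s", "s2c"):
        macs = lists["mac_" + direction]
        for alg in lists["enc_" + direction]:
            if alg not in selected:
                findings.append(f"{direction}: {alg} is outside the selection")
            elif alg in AEAD and alg not in macs:
                findings.append(f"{direction}: {alg} offered without the same MAC")
    return findings

def build_kexinit(enc: str, mac: str) -> bytes:
    """Constructed sample payload: same lists both directions, zero cookie."""
    values = ["diffie-hellman-group14-sha1", "ssh-rsa", enc, enc, mac, mac,
              "none", "none", "", ""]
    body = b"".join(struct.pack(">I", len(v)) + v.encode() for v in values)
    return bytes([20]) + bytes(16) + body + b"\x00" + struct.pack(">I", 0)

if __name__ == "__main__":
    sample = build_kexinit("aes128-cbc,3des-cbc,AEAD_AES_256_GCM", "hmac-sha1")
    for finding in audit(parse_kexinit(sample)):
        print(finding)
```

Pass the subset actually selected in the ST as `selected` to check an offer against that ST rather than against the full selection list.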

Justification

See issue description.

 
 