NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0189:  NIT Technical Decision for SSH Server Encryption Algorithms

Publication Date
2017.04.10

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
NDcPP V1.0, FWcPP V1.0, FCS_SSHC_EXT.1.4, FCS_SSHS_EXT.1.4

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision regarding SSH Server Encryption Algorithms.

Resolution

To align with NIT interpretation # 201669, FCS_SSHC_EXT.1.4 and FCS_SSHS_EXT.1.4 shall therefore be modified as follows:

"The TSF shall ensure that the SSH transport implementation uses the following encryption algorithms and rejects all other encryption algorithms: [selection: aes128-cbc, aes256-cbc, AEAD_AES_128_GCM, AEAD_AES_256_GCM]."

The corresponding application notes shall be modified as follows:

"RFC 5647 specifies the use of the AEAD_AES_128_GCM and AEAD_AES_256_GCM algorithms in SSH. As described in RFC 5647, AEAD_AES_128_GCM and AEAD_AES_256_GCM can only be chosen as encryption algorithms when the same algorithm is being used as the MAC algorithm. Corresponding FCS_COP entries are included in the ST for the algorithms selected here."

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201669.pdf

Justification

See issue description.

 
 
Site Map              Contact Us              Home