Thursday, April 5, 2018

Tech Corner: SP 800-56B and RSAES-PKCS1-v1.5 Update

Near the end of 2017, NIAP issued and later retracted Labgram #106. This Labgram warned that RSAES-PKCS1-v1.5 would be disallowed by NIST after 2017 which meant that it would also be disallowed by NIAP after 2017 in CC evaluations. The reason for the retraction was because NIST delayed the publication of their update to NIST SP 800-56B that would effectively disallow RSAES-PKCS1-v1.5-based establishment schemes.

In practice, this disallowance meant that all TLS ciphersuites starting with TLS_RSA_* would be disallowed for use with TLS v1.2 and earlier. This is a large set of commonly supported TLS ciphersuites. Removing them from use would leave only the DH and ECDH-based ciphersuites available for use in TLS.

This update is just to inform you that RSAES-PKCS1-v1.5 is still allowed by NIST and NIAP. We hope to receive updated information from NIST on the SP 800-56B revision at the ICMC conference May 8-11, 2018 in Ontario, Canada.

In the meantime, please be proactive and prepare your products for the eventual disallowance of RSAES-PKCS1-v1.5 and its associated TLS ciphersuites. Also note that the new TLS 1.3 standard has removed support for the static RSA and DH ciphersuites in favor of DHE/ECDHE, pre-shared keys (PSKs), and PSKs with DHE/ECDHE. Thus, static RSA and DH ciphersuites will eventually become a thing of the past in TLS as well as the DSA, MD5, and SHA-224 algorithms.


~Scott Chapman

No comments:

Post a Comment

Comments are moderated with the goal of reducing spam. This means that there may be a delay before your comment shows up.