Hi, Randy,

On Mon, Nov 18, 2024 at 8:32 PM Turner, Randy <[email protected]> wrote:
> In our tests of RFC 7925 recommendations/requirements, the mandate for the
> CCM_8 AES algorithms seems to be outdated – from our tests, both Microsoft
> and OpenSSL have deprecated or removed support for the CCM_8 algorithms – we
> have seen this when CCM_8 algorithms are offered by TLS clients to TLS
> servers running Microsoft’s crypto provider (Windows server 2019) or a server
> linked to the latest OpenSSL 3 release
>
> Is there a recommended replacement or “bis” work proceeding with new
> recommendations?

The place is UTA [1] -- more precisely, Section 18 of
I-D.ietf-uta-tls13-iot-profile [2].

(I am not sure it is possible to fully deprecate CCM_8 at this time
because of constrained-to-constrained scenarios. However, we have
started recommending its non-truncated sibling alongside GCM.)

[1] https://mailarchive.ietf.org/arch/browse/uta/
[2] https://www.ietf.org/archive/id/draft-ietf-uta-tls13-iot-profile-11.html#section-18

-- Thomas
