User guide

Aruba Networks Security Target
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384
FCS_IPSEC_EXT.1 Explicit: IPSEC
FCS_IPSEC_EXT.1.1 The TSF shall implement the IPsec protocol ESP as defined by RFC
4303 using the cryptographic algorithms AES-CBC-128, AES-CBC-256
(both specified by RFC 3602), AES-GCM-128, AES-GCM-256 as
specified in RFC 4106, and using IKEv1 as defined in RFCs 2407, 2408,
2409, RFC 4109, and RFC 4868 for hash functions; IKEv2 as defined in
RFCs 5996 (with mandatory support for NAT traversal as specified in
section 2.23), 4307, and RFC 4868 for hash functions.
FCS_IPSEC_EXT.1.2 The TSF shall ensure that IKEv1 Phase 1 exchanges use only main
mode.
FCS_IPSEC_EXT.1.3 The TSF shall ensure that IKEv1 SA lifetimes are able to be limited to 24
hours for Phase 1 SAs and 8 hours for Phase 2 SAs.
FCS_IPSEC_EXT.1.4 The TSF shall ensure that IKEv1 SA lifetimes are able to be limited to
200 MB of traffic for Phase 2 SAs.
FCS_IPSEC_EXT.1.5 The TSF shall ensure that all IKE protocols implement DH Groups 14
(2048-bit MODP), 19 (256-bit Random ECP), and 20 (384-bit Random
ECP), and no other DH groups.
FCS_IPSEC_EXT.1.6 The TSF shall ensure that all IKE protocols implement Peer
Authentication using the rDSA or ECDSA algorithm.
FCS_IPSEC_EXT.1.7 The TSF shall support the use of pre-shared keys (as referenced in the
RFCs) for use in authenticating its IPsec connections.
FCS_IPSEC_EXT.1.8 The TSF shall support the following:
1. Pre-shared keys shall be able to be composed of any combination of
upper and lower case letters, numbers, and special characters: all
printable ASCII characters;
2. Pre-shared keys of 22 characters and between 6 and 64 characters.
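Added example (not part of the Security Target and not Aruba code): a Python check that a proposed tunnel profile stays within the limits named in FCS_IPSEC_EXT.1.1 through 1.8. The profile dictionary layout and key names are hypothetical, and treating the stated lifetimes as configuration ceilings, 200 MB as decimal megabytes, and the space character as printable are assumptions.

```python
# Added example: limits transcribed from FCS_IPSEC_EXT.1.1 through 1.8.
# The profile dict layout and its key names are hypothetical.
ALLOWED_ESP = {"AES-CBC-128", "AES-CBC-256", "AES-GCM-128", "AES-GCM-256"}
ALLOWED_DH_GROUPS = {14, 19, 20}
ALLOWED_AUTH = {"rDSA", "ECDSA", "PSK"}
MAX_P1_SECONDS = 24 * 3600          # 24 hours, Phase 1
MAX_P2_SECONDS = 8 * 3600           # 8 hours, Phase 2
MAX_P2_BYTES = 200 * 10**6          # 200 MB; decimal megabytes is an assumption


def check_psk(psk):
    """FCS_IPSEC_EXT.1.8: printable ASCII only, 6 to 64 characters.
    Counting the space character (0x20) as printable is an assumption."""
    return 6 <= len(psk) <= 64 and all(0x20 <= ord(c) <= 0x7E for c in psk)


def check_profile(p):
    """Return the requirement IDs whose limits profile `p` falls outside."""
    bad = []
    if p["esp"] not in ALLOWED_ESP:
        bad.append("FCS_IPSEC_EXT.1.1")
    if p["ike_version"] == 1:       # 1.2 to 1.4 are stated for IKEv1 only
        if p["mode"] != "main":
            bad.append("FCS_IPSEC_EXT.1.2")
        if p["p1_life_s"] > MAX_P1_SECONDS or p["p2_life_s"] > MAX_P2_SECONDS:
            bad.append("FCS_IPSEC_EXT.1.3")
        if p["p2_life_bytes"] > MAX_P2_BYTES:
            bad.append("FCS_IPSEC_EXT.1.4")
    if p["dh_group"] not in ALLOWED_DH_GROUPS:
        bad.append("FCS_IPSEC_EXT.1.5")
    if p["auth"] not in ALLOWED_AUTH:
        bad.append("FCS_IPSEC_EXT.1.6")
    elif p["auth"] == "PSK" and not check_psk(p["psk"]):
        bad.append("FCS_IPSEC_EXT.1.8")
    return bad


# Constructed sample profiles (not taken from any real device).
GOOD = {"ike_version": 1, "mode": "main", "esp": "AES-GCM-256",
        "dh_group": 19, "auth": "PSK", "psk": "c0nstructed-Example_psk!",
        "p1_life_s": 86400, "p2_life_s": 28800, "p2_life_bytes": 200 * 10**6}
WEAK = dict(GOOD, mode="aggressive", dh_group=2, psk="short", p2_life_s=86400)
IKEV2 = {"ike_version": 2, "esp": "3DES-CBC", "dh_group": 20, "auth": "ECDSA"}

if __name__ == "__main__":
    for name, prof in (("GOOD", GOOD), ("WEAK", WEAK), ("IKEV2", IKEV2)):
        print(name, check_profile(prof) or "within limits")
```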
FCS_SSH_EXT.1 Explicit: SSH
FCS_SSH_EXT.1.1 The TSF shall implement the SSH protocol that complies with RFCs
4251, 4252, 4253, and 4254.