Hardware manual

Version 1.1, 03/31/2015
GSS CCT Evaluation Technical Report Page 26 of 56 © 2015 Gossamer Security Solutions, Inc.
Document: AAR-BrocadeNetIron5.8 All rights reserved.
Testing Assurance Activities: The evaluator shall also perform the following test:
Test 1: The evaluator shall establish an SSH connection using each of the encryption algorithms specified by the
requirement. It is sufficient to observe (on the wire) the successful negotiation of the algorithm to satisfy the
intent of the test.
The evaluator used the SecureCRT client to connect to the TOE using AES 128 and AES 256 encryption. The
evaluator captured the network traffic and verified the algorithms.
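
The on-the-wire check described above can be scripted. The following is an added example, not part of the evaluation report or the evaluator's tooling: it parses the cleartext SSH_MSG_KEXINIT payloads of client and server (RFC 4253, section 7.1), applies the RFC's first-client-match rule, and also covers the MAC lists carried in the same message. The SSH names `aes128-cbc`, `aes256-cbc` and `hmac-sha1` for the claimed algorithms, the short field labels, and the `build_kexinit` sample builder are assumptions of the example.

```python
import struct

SSH_MSG_KEXINIT = 20
# Order of the ten name-lists in SSH_MSG_KEXINIT (RFC 4253, section 7.1).
FIELDS = ("kex", "host_key", "enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c",
          "comp_c2s", "comp_s2c", "lang_c2s", "lang_s2c")
CHECKED = ("enc_c2s", "enc_s2c", "mac_c2s", "mac_s2c")

def parse_kexinit(payload: bytes) -> dict:
    """Parse a cleartext SSH_MSG_KEXINIT payload (packet framing removed)."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not an SSH_MSG_KEXINIT payload")
    pos, lists = 17, {}  # skip the message byte and the 16-byte cookie
    for name in FIELDS:
        if pos + 4 > len(payload):
            raise ValueError("truncated name-list length")
        (size,) = struct.unpack_from(">I", payload, pos)
        pos += 4
        if pos + size > len(payload):
            raise ValueError("truncated name-list body")
        raw = payload[pos:pos + size].decode("ascii")
        lists[name] = raw.split(",") if raw else []
        pos += size
    return lists

def negotiated(client: dict, server: dict, field: str):
    """RFC 4253 rule: first name on the client's list the server also lists."""
    return next((a for a in client[field] if a in server[field]), None)

def check_session(client_kexinit, server_kexinit, allowed_enc, allowed_mac):
    """Return the negotiated ciphers/MACs and whether they stay in the allowed sets."""
    c, s = parse_kexinit(client_kexinit), parse_kexinit(server_kexinit)
    result = {f: negotiated(c, s, f) for f in CHECKED}
    result["server_offers_none_mac"] = "none" in s["mac_c2s"] + s["mac_s2c"]
    result["compliant"] = (
        all(result[f] in allowed_enc for f in ("enc_c2s", "enc_s2c"))
        and all(result[f] in allowed_mac for f in ("mac_c2s", "mac_s2c"))
        and not result["server_offers_none_mac"])
    return result

def build_kexinit(**lists) -> bytes:
    """Build a constructed sample payload (test input, not captured traffic)."""
    body = bytes([SSH_MSG_KEXINIT]) + bytes(16)
    for name in FIELDS:
        joined = ",".join(lists.get(name, [])).encode("ascii")
        body += struct.pack(">I", len(joined)) + joined
    return body + b"\x00" + struct.pack(">I", 0)  # first_kex_packet_follows, reserved
```

Feed `check_session` the two KEXINIT payloads extracted from a capture; forcing the client to offer a single cipher per run reproduces the "each of the encryption algorithms" coverage the test asks for.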
2.2.9.5 FCS_SSH_EXT.1.5
TSS Assurance Activities: None Defined
Guidance Assurance Activities: None Defined
Testing Assurance Activities: None Defined
2.2.9.6 FCS_SSH_EXT.1.6
TSS Assurance Activities: The evaluator shall check the TSS to ensure that it lists the supported data integrity
algorithms, and that that list corresponds to the list in this component.
Section 6.2 indicates the SSH implementation supports AES CBC 128 and 256, HMAC-SHA-1, and RSA. These values
match the SFR. The description also indicates that a maximum packet size of 256K is supported and that is also
consistent with the SFR.
Guidance Assurance Activities: The evaluator shall also check the operational guidance to ensure that it contains
instructions to the administrator on how to ensure that only the allowed data integrity algorithms are used in SSH
connections with the TOE (specifically, that the 'none' MAC algorithm is not allowed).
The ST identifies the ciphers, hashes, and authentication methods as indicated in the TSS findings above.
The FIPS Guide explains how to enable CC mode which serves to limit the ciphers to those claimed in the ST.
Testing Assurance Activities: