This standard mandates support for an ECC cipher suite (TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256) but does not mandate support for the "elliptic_curves" extension (RFC 8422).
However, RFC 8422 mandates the following (section 4):
===
A TLS client that proposes ECC cipher suites in its ClientHello
message SHOULD include these extensions. Servers implementing ECC
cipher suites MUST support these extensions, and when a client uses
these extensions, servers MUST NOT negotiate the use of an ECC cipher
suite unless they can complete the handshake while respecting the
choice of curves specified by the client. This eliminates the
possibility that a negotiated ECC handshake will be subsequently
aborted due to a client's inability to deal with the server's EC key.
===
RFC 8422 obsoletes RFC 4492 and so is the "source of truth" for the use of ECC cipher suites for TLS 1.2.
Note that the TLS 1.3 implementation requirements in this same standard DO require support for the "supported_groups" extension described in RFC 8446 (which is just a renaming of the same elliptic_curves extension for TLS 1.3 in RFC 8422).
Proposal
Update IEC 62351-3:2023 to mandate support for RFC 8422 "elliptic_curves" extension so that the TLS 1.2 IEC 62351-3 implementation does not violate RFC 8422.
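The server-side rule quoted from RFC 8422 section 4, sketched as an added example (not part of the original issue or of the standard): parse the "elliptic_curves" extension from a ClientHello extensions block and only negotiate the ECC suite when a shared curve exists. The function names, the fallback suite and the single `server_curves` set are assumptions made for illustration.

```python
import struct

ECDHE_ECDSA_AES128_GCM = 0xC02B  # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
EXT_ELLIPTIC_CURVES = 10         # "elliptic_curves" / "supported_groups"
SECP256R1, SECP384R1 = 23, 24    # named-curve code points
DHE_RSA_AES128_GCM = 0x009E      # constructed non-ECC fallback, not from the page

def parse_curves(ext_block):
    """Return the client's curve list, or None if the extension is absent.
    ext_block: ClientHello extensions vector including its 2-byte length."""
    if len(ext_block) < 2 or struct.unpack_from("!H", ext_block)[0] != len(ext_block) - 2:
        raise ValueError("extensions length mismatch")
    pos = 2
    while pos < len(ext_block):
        if pos + 4 > len(ext_block):
            raise ValueError("truncated extension header")
        ext_type, ext_len = struct.unpack_from("!HH", ext_block, pos)
        body = ext_block[pos + 4:pos + 4 + ext_len]
        if len(body) != ext_len:
            raise ValueError("truncated extension body")
        pos += 4 + ext_len
        if ext_type == EXT_ELLIPTIC_CURVES:
            if ext_len < 2 or ext_len % 2 or struct.unpack_from("!H", body)[0] != ext_len - 2:
                raise ValueError("malformed curve list")
            return list(struct.unpack_from("!%dH" % (ext_len // 2 - 1), body, 2))
    return None

def choose_suite(client_suites, ext_block, server_curves, other_suites):
    """Pick the first client suite the server may negotiate.
    server_curves: curves the server can finish an ECC handshake with
    (simplification: one set for both the ECDHE share and the EC key)."""
    curves = parse_curves(ext_block)
    # Assumption: with no extension sent, any server curve is acceptable.
    ecc_ok = curves is None or bool(server_curves & set(curves))
    for suite in client_suites:
        if suite == ECDHE_ECDSA_AES128_GCM and ecc_ok:
            return suite
        if suite in other_suites:
            return suite
    return None

def build_ext(curves):
    """Constructed sample input: an extensions block holding only the curve list."""
    body = struct.pack("!H%dH" % len(curves), 2 * len(curves), *curves)
    ext = struct.pack("!HH", EXT_ELLIPTIC_CURVES, len(body)) + body
    return struct.pack("!H", len(ext)) + ext
```

A server that ignores the extension would return the ECC suite in the secp384r1-only case and the handshake would fail later on the curve mismatch, which is the situation the quoted RFC text rules out.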
Discussion
Created
Status
OK for me.
27 Aug 24
Discussion (red)
Proposal for Approval (Future Improvement)
26 Aug 24
Discussion (red)
RFC 8422 is already listed as a normative reference. So, that is already good.
Further, I agree with the comment.
27 Jun 24
Accepted
As RFC8442 requires the support of this extension for TLS server, when using ECC cipher suites, the proposal should be incorporated referenced in clause 7.2.