59   Failure in finding a matching cipher suite

Created: 12 Sep 2024

Status: Approval (Future Improvement)

Part: Part 3 (2023, Edition 2)

Links:

Page: 15

Clause: 6

Paragraph: 0

Issue

In Ed. 1.0 of the standard we had this security event required to be announced in the case of failure in finding a matching cipher suite during the TLS handshake: ("alarm: no matching TLS cipher suites").

I have not found a corresponding requirement in Ed 2.0.

Proposal

Add the requirement (already available in Ed 1.0) "The failure in finding a matching cipher suite during the TLS handshake shall raise a security event ("alarm: no matching TLS cipher suites")." to the standard and add the security event in Annex A.

Discussion Created Status
The proposal will be included in a future revision as outlined. 08 Jan 25 Approval (Future Improvement)
Also OK for me. 30 Sep 24 Discussion (red)
Update of the proposal:

to be included in clause 6.3 as it applies for both TLSv1.2 and TLSv1.3:
"The failure in finding a matching cipher suite during the TLS handshake shall raise a security
event ("alarm: no matching TLS cipher suites")."

Table in Annex A.2 needs to be enhanced with the following entry (at the end):
" no matching cipher suite; TLS_NO_CIPHER-MATCH; alarm; IEC62351-3:22; no matching TLS cipher suites"
16 Sep 24 Discussion (red)
Good catch, that should be part of Ed.2 as well.

The proposal is fine and should be included. Based on the new structure in Ed.2, this could be addressed as new subsection 6.4, to define the (missing) security event that refers to the cipher suite selection for TLS 1.2 and TLS 1.3. Consequently, as proposed, the security event also needs to be listed in Annex A.2.

Proposal to accept as Accept (Future Improvement)
12 Sep 24 Accepted

 
