79   IANA values for TLS_DHE_RSA_WITH_AES_256_GCM_SHA384

Created: 14 Nov 2024

Status: Drafting Implementation

Part: Part 3 (2023, Edition 2)

Links:

Page: 21

Clause: 7.2

Paragraph: Table 1

Issue

In https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml and in RFC 5288, we have:

CipherSuite TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0x9F}
……
CipherSuite TLS_DH_RSA_WITH_AES_256_GCM_SHA384 = {0x00,0xA1}

While in 63251-3 Ed 2.0 we have in “Table 1 – Support of cipher suites for TLSv1.2”

| Key exchange: Algorithm | Key exchange: Signature | Encryption | Hash | IANA Value | Source | Support |
|---|---|---|---|---|---|---|
| TLS_DHE_ | RSA_ | WITH_AES_256_GCM_ | SHA384 | 0x00,0xA1 | RFC 5288 | o |

What is the actual cipher suite to be considered {0x00,0x9F} or {0x00,0xA1}?

Proposal

It should be clarified what is the referenced cipher suite.

Discussion Created Status
OK. The change is correct.
We can proceed to the next state.
08 Jan 25 Drafting Implementation
Updated IANA values in Table 1 to ensure interoperability and compliance with the defined IANA numbers, as shown in the attachment.
08 Jan 25 Drafting Implementation
OK. Sounds good!
15 Nov 24 Discussion (red)
Just double checked, the following values need correction in Table 1 (TLS1.2):
- TLS_DHE_RSA_WITH_AES_128_GCM_SHA256: 0x00,0x9E (currently stated 0xC0,0x9E)
- TLS_DHE_RSA_WITH_AES_256_GCM_SHA384: 0x00,0x9F (currently stated 0x00,0xA1)

The values for TLS 1.3 in Table 2 are correct.

Proposal to handle it as a defect to address the errors, specifically as the first cipher suite is mandatory.
15 Nov 24 Discussion (red)
I think there are more errors in the table. I think also the value for TLS_DHE_RSA_WITH_AES_128_GCM_SHA256 is wrong.
Maybe it would be good to double check all values again.
15 Nov 24 Accepted
Good finding, thanks for careful reading. The intended cipher suite is TLS_DHE_RSA_WITH_AES_256_GCM_SHA384.

Therefore the entry in Table 1 has to be updated to {0x00,0x9F}.

Sidenote: We dropped support for the _DH_ cipher suites as DH certificates are seldom used in practice.
14 Nov 24 Accepted
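
The name/code-point mismatch discussed in this issue can be caught mechanically by checking each table row against the IANA registry. The following is an added example, not part of the issue record or of the standard; the function names are hypothetical, the registry excerpt is embedded by hand (the 0xC0,0x9E entry comes from RFC 6655, not from this page), and the sample rows are constructed from the values quoted above.

```python
import re

# Excerpt of the IANA TLS Cipher Suites registry (code point -> name), limited
# to the entries needed here. The 0xC0,0x9E entry (RFC 6655) is not quoted in
# the issue; it is included so the wrongly stated value can be identified.
IANA = {
    (0x00, 0x9E): "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
    (0x00, 0x9F): "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
    (0x00, 0xA1): "TLS_DH_RSA_WITH_AES_256_GCM_SHA384",
    (0xC0, 0x9E): "TLS_DHE_RSA_WITH_AES_128_CCM",
}
BY_NAME = {name: cp for cp, name in IANA.items()}

# A row is a suite name (possibly split across table columns) followed by "0xHH,0xHH".
ROW = re.compile(r"^(TLS_[A-Z0-9_ ]+?)\s+0x([0-9A-Fa-f]{2}),\s*0x([0-9A-Fa-f]{2})\b")

def parse_row(line):
    """Return (joined_name, (hi, lo)) for a table row, or None if it is not one."""
    m = ROW.match(line.strip())
    if m is None:
        return None
    return m.group(1).replace(" ", ""), (int(m.group(2), 16), int(m.group(3), 16))

def check_table(lines):
    """List (name, stated, registered, what_stated_really_is) for each bad row."""
    findings = []
    for line in lines:
        parsed = parse_row(line)
        if parsed is None:
            continue
        name, stated = parsed
        registered = BY_NAME.get(name)  # None: name is not in the excerpt
        if stated != registered:
            findings.append((name, stated, registered, IANA.get(stated)))
    return findings

# Constructed sample rows using the values quoted in this issue.
SAMPLE_ROWS = [
    "TLS_DHE_ RSA_ WITH_AES_128_GCM_ SHA256 0xC0,0x9E RFC 5288",
    "TLS_DHE_ RSA_ WITH_AES_256_GCM_ SHA384 0x00,0xA1 RFC 5288 o",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 0x00,0x9F RFC 5288 o",
]

if __name__ == "__main__":
    fmt = lambda cp: "0x%02X,0x%02X" % cp if cp else "unknown"
    for name, stated, registered, actual in check_table(SAMPLE_ROWS):
        print(f"{name}: stated {fmt(stated)}, registered {fmt(registered)}; "
              f"the stated value identifies {actual}")
```

Both flagged rows carry a code point that is validly assigned to a different suite, so an implementation following the table literally would negotiate a suite other than the one named.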

 
