Hi, I am happy to report that 3GPP just took the decision to forbid support of MD5 and SHA-1, as well as all non-AEAD and non-PFS cipher suites in TLS. The changes apply to all Rel-16 3GPP systems that use TLS and DTLS, which are quite many.
3GPP had already mandaded support of TLS 1.3, forbidden support of TLS 1.1, and mandated minimum key lengths of 2048 for RSA/FFDH and 255 for ECC. 3GPP will likely mandate support of DTLS 1.3 soon after it has been published. I hope this inspire other organisations to do the same. The changes [2][3] were approved today and an updated complete version of the new 3GPP TLS profile can be found here [1]. Any comments or suggestions on the 3GPP TLS profile are very welcome. Cheers, John [1] https://github.com/EricssonResearch/CBOR-certificates/raw/master/3GPP%20TLS%20Profile%206%20march%202020.pdf [2] http://www.3gpp.org/ftp/TSG_SA/WG3_Security/TSGS3_98e/Docs/S3-200332.zip [3] https://www.3gpp.org/ftp/tsg_sa/WG3_Security/TSGS3_98e/Inbox/Drafts/draft_S3-200333-r1.doc _______________________________________________ TLS mailing list TLS@ietf.org https://www.ietf.org/mailman/listinfo/tls
