RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

RFC 5246, "The Transport Layer Security (TLS) Protocol Version 1.2", August 2008

Note: This RFC has been obsoleted by RFC 8446

Source of RFC: tls (sec)

Errata ID: 6572
Status: Reported
Type: Technical
Publication Format(s) : TEXT

Reported By: Johannes Görlich
Date Reported: 2021-05-05

Section 9 says:

In the absence of an application profile standard specifying otherwise, a TLS-compliant application MUST implement the cipher suite TLS_RSA_WITH_AES_128_CBC_SHA (see Appendix A.5 for the definition).

It should say:

In the absence of an application profile standard specifying otherwise, a TLS-compliant application MUST implement the cipher suite TLS_RSA_WITH_AES_128_GCM_SHA256 (see Appendix A.5 for the definition).

Notes:

A must-be-implement cipher suite should not relay on a bulk encryption algorithm which is vulnerable to plain-text attacks or on a secure hash algorithm which has been proven to be insecure.

Report New Errata