W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > June 2017

Re: [webrtc-pc] Check crypto suites

From: Bernard Aboba via GitHub <sysbot+gh@w3.org>
Date: Sun, 18 Jun 2017 01:32:24 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-309250773-1497749543-sysbot+gh@w3.org>
@martinthomson @stefhak Yes, it does match reasonably. 

[draft-ietf-rtcweb-security-arch](https://tools.ietf.org/html/draft-ietf-rtcweb-security-arch-12#page-16) Section 5.5 says: 

   All implementations MUST implement DTLS 1.0, with the cipher suite
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA with the the P-256 curve
   [FIPS186].  The DTLS-SRTP protection profile
   SRTP_AES128_CM_HMAC_SHA1_80 MUST be supported for SRTP.
   Implementations SHOULD implement DTLS 1.2 with the
   TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 cipher suite.
   Implementations MUST favor cipher suites which support PFS over non-
   PFS cipher suites and SHOULD favor AEAD over non-AEAD cipher suites.

[RFC 5246](https://tools.ietf.org/html/rfc5246#page-65 ) Section 5.5 says: 

   In the absence of an application profile standard specifying
   otherwise, a TLS-compliant application MUST implement the cipher
   suite TLS_RSA_WITH_AES_128_CBC_SHA (see Appendix A.5 for the
   definition).




-- 
GitHub Notification of comment by aboba
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/issues/1315#issuecomment-309250773 using your GitHub account
Received on Sunday, 18 June 2017 01:32:31 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 4 June 2019 15:32:44 UTC