Camellia Cipher Suites for TLS
NTT Software Corporation
+81-45-212-7577+81-45-212-9800akato@po.ntts.co.jp
Nippon Telegraph and Telephone Corporation
+81-422-59-3456+81-422-59-4015 kanda.masayuki@lab.ntt.co.jp
NTT Software Corporation
+81-45-212-7577+81-45-212-9800kanno-s@po.ntts.co.jp
Security
Network Working GroupBlock CipherSecurityCamelliaTLSCBCSHA2
This document specifies a set of cipher suites for the Transport
Security Layer (TLS) protocol to support the Camellia encryption
algorithm as a block cipher. It amends the ciphersuites originally
specifed in RFC 4132 by counterparts using the newer cryptographic
hash algorithms from the SHA-2 familiy. This document obsoletes
RFC 4132.
This document proposes the addition of new cipher suites to the
Transport Layer Security (TLS)
protocol to support the Camellia encryption
algorithm as a block cipher algorithm, adding variants using the SHA-2 family
of cryptographic hash algorithms to the TLS cipher
suite portfolio originally specified in RFC 4132 .
This document obsoletes RFC 4132.
The algorithm specification and object identifiers are described in
.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in .
The cipher suites defined here have the following identifiers:
The RSA, DHE_RSA, DH_RSA, DHE_DSS, DH_DSS, and DH_anon key exchanges
are performed as defined in .
The CAMELLIA_128_CBC cipher suites use Camellia in CBC
mode with a 128-bit key and 128-bit IV; the CAMELLIA_256_CBC cipher
suites use a 256-bit key and 128-bit IV.
The cipher suites ending with _SHA use HMAC-SHA1 as the MAC
algorithm.
When used with TLS versions prior to 1.2, the PRF is calculated as
specified in the appropriate version of the TLS specification.
The cipher suites ending with _SHA256 use HMAC-SHA-256 as
the MAC algorithm.
For TLS version 1.2, the PRF is the TLS PRF with SHA-256 as
the hash function.
The cipher suites ending with _SHA256 use HMAC-SHA-256 as the MAC
algorithm. The PRF is the TLS PRF with SHA-256 as the hash
function. These cipher suites MUST NOT be negotiated by TLS 1.1 or
earlier versions. Clients MUST NOT offer these cipher suites if
they do not offer TLS 1.2 or later. Servers which select an earlier
version of TLS MUST NOT select one of thse cipher suites.
IANA has already allocated the following numbers for RFC 4132,
and is requested to update them to reference this document:
IANA is requested to allocate (has allocated) the following numbers
in the TLS Cipher Suite Registry:
At the time of writing this document, there are no known weak keys
for Camellia.
Also, Security issues are discussed throughout RFC 5246 ,
especially in Appendices D, E, and F of .
&RFC2119;
&RFC5246;
&RFC3713;
Secure Hash Standard (SHS)National Institute of Standards and Technology
&RFC4132;
Advanced Encryption Standard (AES)National Institute of Standards and TechnologyInformation technology - Security techniques - Encryption algorithms - Part 3: Block ciphersInternational Organization for StandardizationCamellia open source softwareCamellia web site