HTTP/2 AES-256

]> HTTP/2 AES-256 CYMERTEK

jasonfreedman@cymertek.com

CYMERTEK

larrystark@cymertek.com

CYMERTEK

justinoliver@cymertek.com

Applications and Real-Time HTTPbis HTTP SPDY Web This RFC is an official specification for the Internet community. It incorporates by reference, amends, corrects, and supplements the primary protocol standards documents relating to http/2.

Introduction The optimized expression of the semantics of the Hypertext Transfer Protocol (HTTP), referred to as HTTP version 2 (HTTP/2) specifies a requirement of TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 which does not meet the needs of a post-quantum cryptography world. In order to allow for stronger cryptography to be enforced, this document specifies an amendement to the original specification.

Requirements Language The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 when, and only when, they appear in all capitals, as shown here.

Cipher Requirements In the HTTP/2 specification , section 9.2.2, paragraph 4, it is explicitly stated that any deployment of HTTP/2 using TLS 1.2 must adhere to certain cipher suite requirement. In order to contend with post-quantum cryptographic abilities, this document specifies alternate cipher requirements. With this document, as like the original, the need to mitigate the risk of non-intersecting sets of permitted cipher suites causing TLS handshake failures continues to be a real problem. To avoid this problem, HTTP/2 deployments using TLS 1.2 MUST support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 and TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 , both with the P-256 elliptic curve . Additionally, server implementations of HTTP/2 MUST also include an end-user system administrator configurable option to deactivate the lower cipher option, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, in favor of the higher one, TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384. The default should always be to support TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, which maintains backward compatibility for devices with lower encryption requirements. This end-user disabling switch is essential for those specific instances where the target application necessitates a higher level of cipher strength.

IANA Considerations This addendum includes no additional request to IANA than what has been requested in HTTP/2.

Security Considerations This addendum the same ciphers as defined in HTTP/2 and adds an additional required stronger cipher for post-quantum security.

References Normative References HTTP Semantics HTTP/2 Key words for use in RFCs to Indicate Requirement Levels In many standards track documents several words are used to signify the requirements in the specification. These words are often capitalized. This document defines these words as they should be interpreted in IETF documents. This document specifies an Internet Best Current Practices for the Internet Community, and requests discussion and suggestions for improvements. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words RFC 2119 specifies common key words that may be used in protocol specifications. This document aims to reduce the ambiguity by clarifying that only UPPERCASE usage of the key words have the defined special meanings. Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) Versions 1.2 and Earlier This document describes key exchange algorithms based on Elliptic Curve Cryptography (ECC) for the Transport Layer Security (TLS) protocol. In particular, it specifies the use of Ephemeral Elliptic Curve Diffie-Hellman (ECDHE) key agreement in a TLS handshake and the use of the Elliptic Curve Digital Signature Algorithm (ECDSA) and Edwards-curve Digital Signature Algorithm (EdDSA) as authentication mechanisms. This document obsoletes RFC 4492. TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM) RFC 4492 describes elliptic curve cipher suites for Transport Layer Security (TLS). However, all those cipher suites use HMAC-SHA-1 as their Message Authentication Code (MAC) algorithm. This document describes sixteen new cipher suites for TLS that specify stronger MAC algorithms. Eight use Hashed Message Authentication Code (HMAC) with SHA-256 or SHA-384, and eight use AES in Galois Counter Mode (GCM). This memo provides information for the Internet community. The Transport Layer Security (TLS) Protocol Version 1.2 This document specifies Version 1.2 of the Transport Layer Security (TLS) protocol. The TLS protocol provides communications security over the Internet. The protocol allows client/server applications to communicate in a way that is designed to prevent eavesdropping, tampering, or message forgery. [STANDARDS-TRACK]

Authors' Addresses CYMERTEK

jasonfreedman@cymertek.com

CYMERTEK

larrystark@cymertek.com

CYMERTEK

justinoliver@cymertek.com