@@ -208,8 +208,7 @@ Management traffic can be configuration updates, encryption keys, software updat
Any cryptographic trust designs that are not fit for use-case may only be enabled after the user has been sufficiently informed of the security consequences in a manner that takes the use-case into account.
***[REQ-CRYPTO-9]** The product shall enable by default only the recommended designs that are fit for use-case.
As an example, when using TLS to protect the transport, only TLS v1.3 shall be used with one of the three cipher suites: TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256 or TLS_AES_128_CCM_SHA256.
***[REQ-CRYPTO-10]** The product shall implement data protection measures ensuring all management communications employ encrypted channels providing both confidentiality and integrity protection through best practice cryptography.
For backwards compatibility, use of other combinations of options other what is recommended[\[1\]](#_ref_1) shall be implemented with the following details listed in the technical documentation: