Any designs that are not fit for use-case may only be enabled after the user has been sufficiently informed of the security consequences in a manner that takes the use-case into account.
***[REQ-CRYPTO-8]** The product shall enable by default only the recommended designs that are fit for use-case.
***[REQ-CRYPTO-9]** The product shall enable by default only the recommended designs that are fit for use-case.
As an example, when using TLS to protect the transport, only TLS v1.3 shall be used with one of the three cipher suites: TLS_AES_256_GCM_SHA384, TLS_AES_128_GCM_SHA256 or TLS_AES_128_CCM_SHA256.