View Issue Details

ID: 0009520
Project: 10000-006: Mappings
Category: Spec
View Status: public
Last Update: 2024-07-09 16:21
Reporter: Dominik Ziegler
Assigned To:
Status: acknowledged
Resolution: open
Summary: 0009520: Update SecurityPolicy [ECC-B] – ECC-nistP256 Encryption Algorithm

The current implementation of SecurityPolicy [ECC-B] – ECC-nistP256 relies on AES128-CBC for encryption, as outlined in the specification. However, AES128-CBC should be considered for "legacy" systems only according to (H2020-ICT-2014 – Project 645421, D5.4, ECRYPT-CSA, 02/2018; available at , signaling the need for an update to more modern encryption variants.

The report highlights the necessity of transitioning to more robust encryption algorithms, such as AES-128-GCM, for enhanced security and resilience against evolving threats.

To address this concern and ensure the security of OPC UA implementations, it is proposed to update SecurityPolicy [ECC-B] – ECC-nistP256 to utilize AES-128-GCM instead of AES-128-CBC. This transition will align OPC UA with contemporary security practices and provide a stronger defense against potential vulnerabilities.


Randy Armstrong

2024-04-17 15:44

administrator   ~0021133

Agreed that adding GCM profiles is best for the long term.
Need resources to do prototyping and propose any spec changes.
This is best handled by the FLC WG.

Jim Luth

2024-07-09 16:21

administrator   ~0021432

Will assign when we have a volunteer to complete a prototype.

Issue History

Date Modified Username Field Change
2024-04-15 12:56 Dominik Ziegler New Issue
2024-04-15 12:56 Dominik Ziegler Tag Attached: Security
2024-04-17 15:44 Randy Armstrong Assigned To => Randy Armstrong
2024-04-17 15:44 Randy Armstrong Status new => acknowledged
2024-04-17 15:44 Randy Armstrong Note Added: 0021133
2024-06-14 20:43 Paul Hunkar Project 10000-002: Security => 10000-006: Mappings
2024-07-09 16:18 Jim Luth Assigned To Randy Armstrong =>
2024-07-09 16:21 Jim Luth Note Added: 0021432