All devices SHALL support the TLS_ECDHE_ECDSA_WITH_AES_128_CCM_8 cipher suite (IETF RFC 7251). The ECC cipher suite SHALL use elliptic curve secp256r1.
All devices acting as a server SHALL support the ECC cipher suite. In particular, all devices acting as a server SHALL have an ECC certificate.
All devices acting as a client SHALL support the ECC cipher suite for the purposes of validating an ECC certificate.
All devices acting as a client SHOULD support the request for an ECC certificate.
Devices MAY support additional cipher suites; however, any additional cipher suites SHOULD provide a cryptographic strength at least equivalent to the mandatory cipher suite.