Archived TD0034: Revision of Test 5 in FCS_TLSC_EXT.1.1 & EXT.2.1 reqs in MDF PP V2.0, MDM PP V2.0, MDM Agent PP V2.0
PP_MD_v2.0, PP_MDM_AGENT_V2.0, PP_MDM_V2.0
PP_MDF_V2.0, MDM PP V2.0, MDM Agent PP V2.0 requirements FCS_TLSC_EXT.1.1 and FCS_TLSC_EXT.2.1
The last two bullets of Test 5 in FCS_TLSC_EXT.1.1 (FCS_TLS_EXT.2.1 has identical tests) state:
Rewrite the last bullet in Test 5 to state:
The revision removes a potentially redundant test and requires that the server sends a valid plaintext finished message (a violation of the TLS RFCs) with a valid verify_data field. If implemented correctly, this altered test checks that a client TLS implementation correctly attempts decryption first (and thus will not parse a correctly formatted, plaintext Finished message).