NIAP: View Technical Decision Details
Archived TD0112:  NIT Technical Decision for TLS testing in the NDcPP v1.0 and FW cPP v1.0.

Publication Date

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
CPP_ND_V1.0, CPP_FW_V1.0

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision regarding TLS testing and when garbled messages should be sent in the NDcPP v1.0 and FW cPP v1.0.



To align with NIT interpretation #21, NIAP supports the interpretation written below. For further information, please see the NIT interpretation at:


As part of completing negotiation of the TLS tunnel, a Finished message is sent (after ChangeCipherSpec) which contains a hash of the previous messages exchanged. The tunnel should be set up only if this hash is correctly verified. By sending a garbled message (before the Finished message is sent), it can be verified that the TLS implementation waits for the Finished message and verifies the hash before sending data. So, for the purpose of this test, the garbled message shall be sent before the Finished message is sent.
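The behaviour this test looks for can be modelled as follows. This is an added example, not part of the technical decision or the cPP: it computes the TLS 1.2 Finished verify_data as defined in RFC 5246 and shows a receiver that refuses to send data unless the first message after ChangeCipherSpec is a Finished that verifies. The ServerHandshake class, the run helper and the sample secret and transcript are hypothetical, and record-layer encryption is left out for brevity.

```python
import hashlib
import hmac

def p_sha256(secret, seed, length):
    """P_hash from RFC 5246 section 5, instantiated with HMAC-SHA256."""
    out, a = b"", seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]

def finished_message(master_secret, label, transcript):
    """Handshake type 20, length 12, verify_data = PRF(ms, label, Hash(transcript))[:12]."""
    digest = hashlib.sha256(b"".join(transcript)).digest()
    return b"\x14\x00\x00\x0c" + p_sha256(master_secret, label + digest, 12)

class ServerHandshake:
    """Hypothetical server-side state once the client's ChangeCipherSpec has arrived."""
    def __init__(self, master_secret, transcript):
        self.master_secret, self.transcript = master_secret, list(transcript)
        self.established = False
        self.aborted = False

    def receive(self, message):
        """The only acceptable next message is a Finished that verifies."""
        expected = finished_message(self.master_secret, b"client finished", self.transcript)
        if not self.aborted and hmac.compare_digest(expected, message):
            self.established = True
        else:
            self.established, self.aborted = False, True  # handshake fails, no tunnel
        return self.established

    def send_application_data(self, data):
        if not self.established:
            raise ConnectionError("Finished not verified; refusing to send data")
        return data

# Constructed sample values, not taken from a real session.
MASTER_SECRET = bytes(range(48))
TRANSCRIPT = [b"ClientHello", b"ServerHello", b"Certificate",
              b"ServerHelloDone", b"ClientKeyExchange"]

def run(first_message):
    """Feed an optional message after ChangeCipherSpec, then the genuine Finished."""
    hs = ServerHandshake(MASTER_SECRET, TRANSCRIPT)
    genuine = finished_message(MASTER_SECRET, b"client finished", TRANSCRIPT)
    results = [hs.receive(first_message)] if first_message is not None else []
    results.append(hs.receive(genuine))
    return results
```

A garbled message ahead of Finished leaves the model aborted even when the genuine Finished follows, which is the outcome an evaluator checks for when running the test.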



See Issue Description
