Archived TD0197: Resolve conflict between elements of FCS_TLSS_EXT.1 regarding selecting TLS
Conflict exists between two elements of FCS_TLSS_EXT.1 where FCS_TLSS_EXT.1.1 allows TLS 1.0. while FCS_TLSS_EXT.1.2 forbids TLS 1.0.
Application Note for FCS_TLSS_EXT.1.1 is modified to include the following statement:
In a future version of this PP TLS 1.0 will be removed and TLS v1.2 will be required for all TOEs.
FCS_TLSS_EXT.1.2 is modified to remove TLS 1.0 from outside the selection.
FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting SSL 1.0, SSL 2.0, SSL 3.0, and [selection: TLS 1.0, TLS 1.1, no other TLS versions].
Since customers will likely be transitioning from TLS 1.0 to TLS 1.2 for a while, TLS 1.0 will remain as a selection/option.