NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0395:  NIT Technical Decision for Different Handling of TLS1.1 and TLS1.2

Publication Date
2019.02.24

Protection Profiles
CPP_ND_V2.0E, CPP_ND_V2.1

Other References
FCS_TLSS_EXT.2.4, FCS_TLSS_EXT.2.5, ND SD V2.0E, ND SD V2.1

Issue Description

The NIT has issued a technical decision for the different handling of TLS1.1 and TLS1.2 in Test 2 of FCS_TLSS_EXT.2.4+2.5.

Resolution

Updated 3/13/2019 to also apply to NDcPP V2.1 and ND SD V2.1

 

FCS_TLSS_EXT.2.4 and FCS_TLSS_EXT.2.5, Test 2 shall be replaced as follows:

Test 2[conditional]: If TLS1.2 is claimed for the TOE, the evaluator shall configure the server to send a certificate request to the client without the supported_signature_algorithm used by the client's certificate. The evaluator shall attempt a connection using the client certificate and verify that the connection is denied."

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201828rev2.pdf

Justification

See issue description.

 
 
Site Map              Contact Us              Home