For the App PP, TD0131 makes FCS_TLSS_EXT.1.1 Test 4.5 conditional based on whether the TOE supports session IDs. A similar issue exists in the Base Virtualization PP for FCS_TLSS_EXT.1. Test 4, Bullet #4.

07/30/2019: This TD has been archived and superseded by TD0431.

For FCS_TLSS_EXT.1.1 and FCS_TLSS_EXT.2.1, Test 4 Bullet #4 is modified as follows per the underlined text:

[conditional] After generating a fatal alert by sending a Finished message from the client before the client sends a ChangeCipherSpec message, send a Client Hello with the session identifier from the previous test, and verify that the server denies the connection. This test is not required for applications with a TLS implementation that does not support session IDs.

See issue description