NIAP: View Technical Decision Details
TD0474:  Removal of Mandatory Cipher Suite in FCS_TLS_EXT.1

Publication Date
2019.12.04

Protection Profiles
PP_HCD_V1.0

Other References
FCS_TLS_EXT.1

Issue Description

FCS_TLS_EXT.1 in HCD PP v1.0 currently mandates support for TLS_RSA_WITH_AES_128_CBC_SHA. This cipher suite is being deprecated and future PPs can be expected not to have cipher suites with SHA-1.

Additionally, Test 2a is only applicable to TLS_RSA_WITH... cipher suites and will not verify the behavior on the TOE for DHE and ECDHE cipher suites.

Resolution

HCD PP v1.0 is modified as follows:

Changes to FCS_TLS_EXT.1

FCS_TLS_EXT.1.1 The TSF shall implement one or more of the following protocols [selection: TLS 1.0 (RFC 2246), TLS 1.1 (RFC 4346), TLS 1.2 (RFC 5246)] supporting the following cipher suites:
Mandatory Ciphersuites:

  •  TLS_RSA_WITH_AES_128_CBC_SHA

Optional Ciphersuites:
[selection:

  • None
  • TLS_RSA_WITH_AES_128_CBC_SHA
  • TLS_RSA_WITH_AES_256_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_RSA_WITH_AES_128_CBC_SHA256
  • TLS_RSA_WITH_AES_256_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
  • TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256
  • TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384

].

Application Note:

The ST author must make the appropriate selections and assignments to reflect the TLS implementation.

The ciphersuites to be tested in the evaluated configuration are limited by this requirement. The ST author should select the optional ciphersuites that are supported; if there are no ciphersuites supported other than the mandatory suites, then "None" should be selected. If administrative steps need to be taken so that the suites negotiated by the implementation are limited to those in this requirement, the appropriate instructions need to be contained in the guidance called for by AGD_OPE.

 

The Suite B algorithms (RFC 5430) listed above are the preferred algorithms for implementation. The TLS requirement may be changed in the next version of the HCD PP to comply with CNSSP 15 and NIST SP 800-131A.

Changes to FCS_TLS_EXT.1 Test 2a

[Conditional: TOE is a server]

Previous text: Modify at least one byte in the server's nonce in the Server Hello handshake message, and verify that the server denies the client's Finished handshake message.

Revised text: Modify a byte in the data of the client's Finished handshake message, and verify that the server rejects the connection and does not send any application data.
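The server-side Finished check that Test 2a exercises, as an added example that is not part of the Technical Decision or the HCD PP: it recomputes the client's verify_data as defined in RFC 5246 and shows that a change to any single byte is rejected. The same check applies whether the master secret came from an RSA, DHE or ECDHE key exchange. Assumptions: TLS 1.2 with the SHA-256 PRF only (TLS 1.0/1.1 and the SHA384 suites use a different PRF), record-layer encryption is not modelled, and the function names, master secret and transcript are constructed for illustration.

```python
import hashlib
import hmac


def p_sha256(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash data expansion (RFC 5246, section 5) with HMAC-SHA256."""
    out, a = b"", seed  # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()  # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def client_verify_data(master_secret: bytes, handshake_messages: bytes) -> bytes:
    """verify_data = PRF(master_secret, "client finished", Hash(handshake_messages))[0..11]."""
    transcript_hash = hashlib.sha256(handshake_messages).digest()
    return p_sha256(master_secret, b"client finished" + transcript_hash, 12)


def server_accepts_finished(master_secret: bytes, handshake_messages: bytes,
                            received: bytes) -> bool:
    """Server side: recompute verify_data and compare in constant time."""
    expected = client_verify_data(master_secret, handshake_messages)
    return hmac.compare_digest(expected, received)


def positions_wrongly_accepted(master_secret: bytes, handshake_messages: bytes) -> list:
    """Flip one bit in each byte of the Finished data in turn; list accepted offsets."""
    good = client_verify_data(master_secret, handshake_messages)
    accepted = []
    for i in range(len(good)):
        tampered = bytearray(good)
        tampered[i] ^= 0x01
        if server_accepts_finished(master_secret, handshake_messages, bytes(tampered)):
            accepted.append(i)
    return accepted


# Constructed sample values, not captured from any real handshake.
SAMPLE_MASTER_SECRET = bytes(range(48))  # TLS master secrets are 48 bytes
SAMPLE_TRANSCRIPT = b"ClientHello|ServerHello|Certificate|ServerHelloDone|ClientKeyExchange"

if __name__ == "__main__":
    good = client_verify_data(SAMPLE_MASTER_SECRET, SAMPLE_TRANSCRIPT)
    print("untouched Finished accepted:",
          server_accepts_finished(SAMPLE_MASTER_SECRET, SAMPLE_TRANSCRIPT, good))
    print("tampered offsets accepted:",
          positions_wrongly_accepted(SAMPLE_MASTER_SECRET, SAMPLE_TRANSCRIPT))
```

An empty list from positions_wrongly_accepted corresponds to the pass condition of the test: no modified Finished message is accepted.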

 

Justification

See issue description.

 
 