TD0731: Clarification of TLS 2.0 FP test 22.2
Test case 22.2 of the TLS FP 2.0 does not clearly indicate whether the supported_versions extension should be sent and how it applies for TLS 1.3.
Test 22.2 under FCS_TLSS_EXT.1 in the TLS Functional Package V2.0 is modified as follows, with strikethroughs denoting deletion and underlines denoting additions:
Test 22.2: The evaluator shall follow the operational guidance to configure the TSF to ensure any supported beta TLS 1.3 versions are disabled, as necessary. The evaluator shall send the TSF a client hello message indicating the supported version (referred to as the legacy version in RFC 8446) with the value '03 04' but without including the supported_versions extension and observe that the TSF either responds with a server hello indicating the highest version supported TLS 1.2 or terminates the connection.
Note: Test 22.2 is intended to test the TSF response to non-standard versions, including beta versions of TLS 1.3. If the TSF supports such beta versions, the evaluator shall follow the operational guidance instructions to disable them prior to conducting Test 22.2.
Some TLS 1.3 implementations ignore the legacy version field and only check for the supported_versions extension to determine TLS 1.3 support by a client. It is preferred that the legacy version field should still be set to a standard version ('03 03') in the server hello, but it is acceptable that presence of the supported_versions indicating TLS 1.3 (value '03 04') overrides the legacy_version indication to determine highest
The TLS test client hello should not include a supported_versions extension.
Regardless of whether TLS 1.3 is supported, the permitted outcomes from the server are to respond with TLS 1.2 or terminate the session.
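The following is an added example, not part of TD0731 or the TLS Functional Package, that makes the expected server behaviour concrete. It builds the Test 22.2 client hello (legacy_version '03 04', no supported_versions extension) from constructed placeholder fields, parses it the way a server would, and applies the version-selection rule of RFC 8446 section 4.2.1: when supported_versions is present the server negotiates from that list and ignores legacy_version; when it is absent the server negotiates legacy-style, capped at TLS 1.2, even if legacy_version is '03 04'. The `select_version` result of `None` stands for "terminate the connection". All function names and the `server_versions` parameter are assumptions of this example.

```python
"""
Added example (not part of TD0731 or the TLS Functional Package): a minimal
ClientHello builder and a server-side version selection routine following
RFC 8446 section 4.2.1, used to illustrate the Test 22.2 outcomes.
"""
import struct

TLS12 = 0x0303
TLS13 = 0x0304
EXT_SUPPORTED_VERSIONS = 43  # RFC 8446 extension type for supported_versions


def build_client_hello(legacy_version, supported_versions=None):
    """Build a constructed (test) ClientHello handshake message.

    random, session_id and the cipher suite are placeholder values; only the
    two version fields matter for this example.
    """
    body = struct.pack("!H", legacy_version)
    body += b"\x00" * 32                          # random (constructed)
    body += b"\x00"                               # empty legacy_session_id
    body += struct.pack("!H", 2) + b"\x13\x01"    # one suite: TLS_AES_128_GCM_SHA256
    body += b"\x01\x00"                           # compression_methods: null only
    exts = b""
    if supported_versions is not None:
        vers = b"".join(struct.pack("!H", v) for v in supported_versions)
        data = struct.pack("!B", len(vers)) + vers
        exts += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(data)) + data
    body += struct.pack("!H", len(exts)) + exts
    # Handshake header: msg_type 1 (client_hello) followed by a 24-bit length
    return b"\x01" + len(body).to_bytes(3, "big") + body


def parse_client_hello(msg):
    """Return (legacy_version, supported_versions list or None)."""
    if msg[0] != 1:
        raise ValueError("not a client_hello handshake message")
    length = int.from_bytes(msg[1:4], "big")
    body = msg[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated ClientHello")
    pos = 0
    legacy_version = struct.unpack_from("!H", body, pos)[0]
    pos += 2
    pos += 32                                     # skip random
    pos += 1 + body[pos]                          # skip legacy_session_id
    pos += 2 + struct.unpack_from("!H", body, pos)[0]   # skip cipher_suites
    pos += 1 + body[pos]                          # skip compression_methods
    supported = None
    if pos < len(body):
        ext_len = struct.unpack_from("!H", body, pos)[0]
        pos += 2
        end = pos + ext_len
        while pos < end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            pos += 4
            edata = body[pos:pos + elen]
            pos += elen
            if etype == EXT_SUPPORTED_VERSIONS:
                n = edata[0]
                supported = [struct.unpack_from("!H", edata, 1 + 2 * i)[0]
                             for i in range(n // 2)]
    return legacy_version, supported


def select_version(client_hello, server_versions):
    """Server-side version selection per RFC 8446 section 4.2.1.

    Returns the negotiated version, or None meaning 'terminate the handshake'.
    server_versions is the set of versions the server is configured to offer.
    """
    legacy_version, supported = parse_client_hello(client_hello)
    if supported is not None:
        # TLS 1.3 negotiation: choose from the extension, ignore legacy_version
        common = [v for v in supported if v in server_versions]
        return max(common) if common else None
    # No extension: legacy (RFC 5246) negotiation, capped at TLS 1.2 regardless
    # of legacy_version, so '03 04' here still yields TLS 1.2 or a failure
    ceiling = min(legacy_version, TLS12)
    candidates = [v for v in server_versions if v <= ceiling]
    return max(candidates) if candidates else None


if __name__ == "__main__":
    test_22_2_hello = build_client_hello(TLS13)           # '03 04', no extension
    print(hex(select_version(test_22_2_hello, {TLS12, TLS13}) or 0))  # 0x303
    print(select_version(test_22_2_hello, {TLS13}))        # None (terminate)
```

Running the block with a server configured for both versions returns TLS 1.2 for the Test 22.2 hello, and a server configured for TLS 1.3 only returns `None`, which are exactly the two permitted outcomes; a genuine TLS 1.3 hello (legacy_version '03 03' with supported_versions listing '03 04') negotiates TLS 1.3 by the same routine, showing why the extension, not the legacy field, carries the TLS 1.3 signal.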