TD0731:  Clarification of TLS 2.0 FP test 22.2

Publication Date
2023.04.05

Protection Profiles
PKG_TLS_v2.0

Other References
FCS_TLSS_EXT.1

Issue Description

Test case 22.2 of the TLS FP 2.0 does not clearly indicate whether the supported_versions extension should be sent in the test client hello, or how the test applies to TLS 1.3.

Resolution

Test 22.2 under FCS_TLSS_EXT.1 in the TLS Functional Package V2.0 is modified as follows, with strikethroughs denoting deletion and underlines denoting additions:

Test 22.2: The evaluator shall follow the operational guidance to configure the TSF to ensure any supported beta TLS 1.3 versions are disabled, as necessary. The evaluator shall send the TSF a client hello message indicating the supported version (referred to as the legacy version in RFC 8446) with the value '03 04' but without including the supported_versions extension and observe that the TSF either responds with a server hello indicating the highest version supported TLS 1.2 or terminates the connection.

Note: Test 22.2 is intended to test the TSF response to non-standard versions, including beta versions of TLS 1.3. If the TSF supports such beta versions, the evaluator shall follow the operational guidance instructions to disable them prior to conducting Test 22.2.

Some TLS 1.3 implementations ignore the legacy version field and only check for the supported_versions extension to determine TLS 1.3 support by a client. It is preferred that the legacy version field should still be set to a standard version ('03 03') in the server hello, but it is acceptable that presence of the supported_versions extension indicating TLS 1.3 (value '03 04') overrides the legacy_version indication to determine the highest supported version.
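The following is an added evaluator-side harness illustrating the modified Test 22.2 and the note above; it is not part of the Technical Decision, the TLS Functional Package, or any NIAP tooling. It builds a ClientHello whose legacy_version is '03 04' with no supported_versions extension, and judges the TSF's reply by the TD's criteria: a ServerHello negotiating TLS 1.2 or a terminated connection passes, while a TLS 1.3 negotiation fails. The version-selection logic applies the note's rule that a supported_versions extension in the ServerHello overrides legacy_version. All function names (`build_client_hello`, `parse_hello`, `negotiated_version`, `evaluate_test_22_2`, `run_test_22_2`, `make_server_hello`) are this example's own, and the sample ServerHello/alert bytes are constructed for the offline demo.

```python
import os
import socket
import struct

# Hypothetical helper names; added example, not NIAP or TLS package text.
TLS12 = b"\x03\x03"
TLS13 = b"\x03\x04"
EXT_SUPPORTED_VERSIONS = 43            # RFC 8446 extension type for supported_versions
HS_CLIENT_HELLO, HS_SERVER_HELLO = 0x01, 0x02
REC_HANDSHAKE, REC_ALERT = 0x16, 0x15


def build_client_hello(legacy_version=TLS13, random=None, server_name=None):
    """ClientHello with legacy_version '03 04' and NO supported_versions extension,
    as Test 22.2 (per TD0731) requires. Two common TLS 1.2 suites are offered so a
    TLS 1.2 server has something to select; the record-layer version is '03 03'."""
    body = legacy_version + (random or os.urandom(32)) + b"\x00"   # random, empty session id
    suites = struct.pack("!HH", 0x009C, 0xC02F)                    # RSA and ECDHE-RSA AES-128-GCM
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"                                            # one compression method: null
    exts = b""
    if server_name:                                                # optional SNI (extension type 0)
        host = server_name.encode()
        names = b"\x00" + struct.pack("!H", len(host)) + host
        sni = struct.pack("!H", len(names)) + names
        exts += struct.pack("!HH", 0, len(sni)) + sni
    body += struct.pack("!H", len(exts)) + exts                    # extension block without type 43
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([REC_HANDSHAKE]) + TLS12 + struct.pack("!H", len(hs)) + hs


def parse_hello(rec):
    """Parse a ClientHello or ServerHello record -> (hs_type, legacy_version, {ext_type: data})."""
    try:
        if rec[0] != REC_HANDSHAKE:
            return None
        hs = rec[5:5 + struct.unpack("!H", rec[3:5])[0]]
        hs_type, body = hs[0], hs[4:4 + int.from_bytes(hs[1:4], "big")]
        legacy, off = body[0:2], 34                                # legacy_version + 32-byte random
        off += 1 + body[off]                                       # session id
        if hs_type == HS_CLIENT_HELLO:
            off += 2 + struct.unpack("!H", body[off:off + 2])[0]   # cipher_suites vector
            off += 1 + body[off]                                   # compression vector
        elif hs_type == HS_SERVER_HELLO:
            off += 3                                               # one suite + one compression
        else:
            return None
        exts = {}
        if off + 2 <= len(body):                                   # extensions block is optional
            end = off + 2 + struct.unpack("!H", body[off:off + 2])[0]
            off += 2
            while off + 4 <= end:
                etype, elen = struct.unpack("!HH", body[off:off + 4])
                exts[etype] = body[off + 4:off + 4 + elen]
                off += 4 + elen
        return hs_type, legacy, exts
    except (IndexError, struct.error):
        return None


def negotiated_version(rec):
    """Version a ServerHello selects: supported_versions overrides legacy_version (TD0731 note)."""
    parsed = parse_hello(rec)
    if parsed is None or parsed[0] != HS_SERVER_HELLO:
        return None
    _, legacy, exts = parsed
    sv = exts.get(EXT_SUPPORTED_VERSIONS)
    return sv if sv is not None and len(sv) == 2 else legacy


def evaluate_test_22_2(response):
    """Apply the TD0731 pass criteria to the bytes the TSF sent back (b'' = connection closed)."""
    if not response:
        return (True, "TSF terminated the connection")
    if response[0] == REC_ALERT and len(response) >= 7 and response[5] == 2:
        return (True, "TSF sent a fatal alert and terminated")
    ver = negotiated_version(response)
    if ver == TLS12:
        return (True, "TSF responded with a TLS 1.2 ServerHello")
    if ver == TLS13:
        return (False, "TSF negotiated TLS 1.3 although the ClientHello carried no supported_versions")
    return (False, "unexpected or unparseable response")


def run_test_22_2(host, port=443, timeout=5.0):
    """Send the test ClientHello to a live TSF and return the verdict (not used offline)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(server_name=host))
        try:
            response = s.recv(4096)
        except ConnectionResetError:
            response = b""                                         # abrupt close counts as termination
        except socket.timeout:
            return (False, "no response within timeout; rerun or inspect the TSF")
    return evaluate_test_22_2(response)


def make_server_hello(legacy_version, selected_version=None):
    """Constructed ServerHello (zero random, suite 0xC02F) for the offline demo."""
    body = legacy_version + bytes(32) + b"\x00" + b"\xc0\x2f" + b"\x00"
    exts = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, 2) + selected_version if selected_version else b""
    body += struct.pack("!H", len(exts)) + exts
    hs = bytes([HS_SERVER_HELLO]) + len(body).to_bytes(3, "big") + body
    return bytes([REC_HANDSHAKE]) + TLS12 + struct.pack("!H", len(hs)) + hs


if __name__ == "__main__":
    samples = {
        "closed connection": b"",
        "fatal protocol_version alert": b"\x15\x03\x03\x00\x02\x02\x46",   # constructed
        "TLS 1.2 ServerHello": make_server_hello(TLS12),
        "TLS 1.3 via supported_versions": make_server_hello(TLS12, TLS13),
    }
    for name, resp in samples.items():
        print(f"{name:32s} -> {evaluate_test_22_2(resp)}")
```

Against a real TOE, `run_test_22_2(host)` replaces the constructed samples; the verdict strings map directly onto the two permitted outcomes in the modified test text, and the failing case is the one the test exists to catch: a server that treats the bare '03 04' legacy_version as a TLS 1.3 request.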

Justification

The TLS test client hello should not include a supported_versions extension.

Regardless of whether TLS 1.3 is supported, the permitted outcomes from the server are to respond with TLS 1.2 or terminate the session.
