NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0794:  Correction to FCS_SSH_EXT.1.7 Test 2

Publication Date

Protection Profiles

Other References

Issue Description

There is a conflict between the security requirements of FCS_SSH_EXT.1.7 and the test activity (Test 2) specified on TD 0574 for TOEs acting as an SSH client.

FCS_SSH_EXT.1.7 requires the TOE must ensure that only the selected algorithms are the only allowed key exchange method for SSH. Test 2 of the test activity specified in TD0574 instructs the evaluator to configure the SSH client to allow only DH-group1-sha1 and the SSH server to allow all the methods selected in the SFR, and verify the connection fails. If the TOE acts as an SSH client, this causes a conflict between the SFR requirement and the test instruction.


FCS_SSH_EXT.1.7 Test 2, as specified in TD0574 is updated as follows, with red highlighted strikethroughs denoting deletions and green highlighted underlines denoting additions:

Test 2: The evaluator shall attempt to establish an SSH connection, using the TSF, where the SSH client peer only allows the diffiehellman-group1-sha1 key exchange and the SSH server TOE is configured according to the algorithms allowed in the SFR. The evaluator shall observe that the attempt fails.


See issue description.

Site Map              Contact Us              Home