NIAP: View Technical Decision Details
Archived TD0143: NIT Technical Decision for Failure testing for TLS session establishment in NDcPP and FWcPP

Publication Date
2017.01.18

Protection Profiles
CPP_FW_V1.0, CPP_ND_V1.0

Other References
FCS_TLSS_EXT.1.1

Issue Description

The Network Interpretations Team (NIT) has issued a technical decision regarding failure testing for TLS session establishment.

Resolution

To align with the NIT interpretation #35, FCS_TLSS_EXT.1.1 Test 3 is revised as follows:

The requestor is correct in the RSA case. If a ciphersuite requiring RSA key exchange has been selected, then the server must terminate the connection without an alert after receiving the client's ChangeCipherSpec message or Finished message. If a ciphersuite requiring Diffie-Hellman key agreement has been selected, then the server may send an alert or simply terminate the connection after receiving the client's ChangeCipherSpec message or Finished message. Since the server cannot distinguish the different cases, Test Case 3 shall be changed to:

Test 3: The evaluator shall use a client to send a key exchange message in the TLS connection that does not match the server-selected ciphersuite (for example, send an ECDHE key exchange while using the TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite, or send an RSA key exchange while using one of the ECDSA ciphersuites). The evaluator shall verify that the TOE either sends an alert after receiving the client's ChangeCipherSpec message or Finished message, or terminates the connection after receiving the client's ChangeCipherSpec message or Finished message.

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI35.pdf.
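
The following is an added example (not part of this TD or of any NIAP tool) showing how an evaluator can turn the revised Test 3 wording into a mechanical pass/fail verdict over a captured handshake trace. The ciphersuite-prefix map, the trace representation and the sample traces are assumptions made for illustration.

```python
"""Evaluator verdict for the revised FCS_TLSS_EXT.1.1 Test 3 (added example).
Traces are (sender, message) pairs in wire order; the sample traces below
are constructed for illustration, not captures from any TOE."""

# Key-exchange method implied by the ciphersuite name prefix (assumed map).
KEX_BY_PREFIX = {"TLS_ECDHE_": "ECDHE", "TLS_DHE_": "DHE", "TLS_RSA_": "RSA"}
# Server messages that mean the handshake went on despite the mismatch.
HANDSHAKE_CONTINUED = {"ChangeCipherSpec", "Finished", "ApplicationData"}

def kex_for_suite(suite):
    """Map a ciphersuite name to its key-exchange method."""
    for prefix, kex in KEX_BY_PREFIX.items():
        if suite.startswith(prefix):
            return kex
    raise ValueError("unsupported ciphersuite: " + suite)

def evaluate_test3(suite, client_kex, trace):
    """Return ('PASS' | 'FAIL', reason) for one run of Test 3; suite is the
    TOE's selected ciphersuite, client_kex what the evaluator's client sent,
    and a ('server', 'Closed') entry in trace marks TCP teardown by the TOE."""
    if kex_for_suite(suite) == client_kex:
        return "FAIL", "precondition not met: key exchange matches the suite"
    # The TOE is judged on what it does after the client's CCS or Finished.
    trigger = next((i for i, (s, m) in enumerate(trace)
                    if s == "client" and m in ("ChangeCipherSpec", "Finished")),
                   None)
    if trigger is None:
        return "FAIL", "client never sent ChangeCipherSpec or Finished"
    after = [m for s, m in trace[trigger + 1:] if s == "server"]
    if HANDSHAKE_CONTINUED & set(after):
        return "FAIL", "TOE completed the handshake with a mismatched key exchange"
    if "Alert" in after or "Closed" in after:
        return "PASS", "TOE sent an alert or terminated the connection"
    return "FAIL", "TOE neither alerted nor terminated the connection"

# Constructed sample traces: ECDHE key exchange sent against an RSA suite.
BASE_FLIGHT = [("client", "ClientHello"), ("server", "ServerHello"),
               ("server", "Certificate"), ("server", "ServerHelloDone"),
               ("client", "ClientKeyExchange"), ("client", "ChangeCipherSpec"),
               ("client", "Finished")]
TRACE_TERMINATED = BASE_FLIGHT + [("server", "Closed")]
TRACE_ALERT = BASE_FLIGHT + [("server", "Alert"), ("server", "Closed")]
TRACE_COMPLETED = BASE_FLIGHT + [("server", "ChangeCipherSpec"), ("server", "Finished")]
```

Both the silent-termination and the alert outcomes pass, matching the revised wording; a TOE that goes on to send its own ChangeCipherSpec and Finished fails.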

Justification

See issue description.
