The Network Interpretations Team (NIT) has issued a technical decision regarding sending the ServerKeyExchange message when using RSA.

To align with NIT interpretation # 201665, the following changes are made to ND SD V1.0.

Test 5d for FCS_TLSC_EXT.1.1 and FCS_TLSC_EXT.2.1 shall be modified as follows:

"Modify the signature block in the Server’s Key Exchange handshake message, and verify that the client rejects the connection after receiving the Server Key Exchange message. This test does not apply to cipher suites using RSA key exchange. If a TOE only supports RSA key exchange in conjunction with TLS then this test shall be omitted."

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfI201665. 

See issue description.