NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
Archived TD0131:  Update to FCS_TLSS_EXT.1.1 Test 4.5

Publication Date
2016.12.14

Protection Profiles
PP_APP_v1.2

Other References

Issue Description

FCS_TLSS_EXT.1.1 Test 4.5 cannot be performed when a client application uses a TLS SessionTicket extension in the client handshake because the TLS SessionTicket is established at the end of the TLS handshake and the fatal alerts that are generated cause the session to be aborted before the SessionTicket is submitted.

Resolution

For implementations that do not support session IDs, Test 4.5 is not required. Therefore, Test 4.5 for FCS_TLSS_EXT.1.1 is updated as follows:

 

Test 4.5: After generating a fatal alert by sending a Finished message from the client before the client send a ChangeCipherSpec message, send a Client Hello with the session identifier from the previous test, and verify that the server denies the connection. Test 4.5 is not required for applications with a TLS implementation that does not support session IDs.

 

Justification

See issue description above.

 
 
Site Map              Contact Us              Home