NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0197:  Resolve conflict between elements of FCS_TLSS_EXT.1 regarding selecting TLS

Publication Date
2017.05.03

Protection Profiles
PP_CA_v2.0

Other References
FCS_TLSS_EXT.1.1, FCS_TLSS_EXT.1.2

Issue Description

Conflict exists between two elements of FCS_TLSS_EXT.1 where FCS_TLSS_EXT.1.1 allows TLS 1.0. while FCS_TLSS_EXT.1.2 forbids TLS 1.0.

Resolution

Application Note for FCS_TLSS_EXT.1.1 is modified to include the following statement:

In a future version of this PP TLS 1.0 will be removed and TLS v1.2 will be required for all TOEs.

 

FCS_TLSS_EXT.1.2 is modified to remove TLS 1.0 from outside the selection.

FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting SSL 1.0, SSL 2.0, SSL 3.0, and [selection: TLS 1.0, TLS 1.1, no other TLS versions].

 

 

Justification

Since customers will likely be transitioning from TLS 1.0 to TLS 1.2 for a while, TLS 1.0 will remain as a selection/option.

 
 
Site Map              Contact Us              Home