NIAP: View Technical Decision Details
TD0203:  Adding Missing FCS_TLSS_EXT.1.4 Component

Publication Date
2017.05.11

Protection Profiles
PP_CA_v2.0

Other References
FCS_TLSS_EXT.1

Issue Description

The FCS_TLSS_EXT.1.4 component is missing from PP_CA_v2.0 due to a copy-and-paste error.

Resolution

The following text will be added to the FCS_TLSS_EXT.1 SFR in the CA PP.

FCS_TLSS_EXT.1.4 The TSF shall present the Supported Elliptic Curves Extension in the Client Hello with the following NIST curves: [selection: secp256r1, secp384r1, secp521r1] and no other curves.

Application Note: If ciphersuites with elliptic curves were selected in FCS_TLSS_EXT.1.1, this component is required. This requirement limits the elliptic curves allowed for authentication and key agreement to the NIST curves from FCS_COP.1(2) and FCS_CKM.1 and FCS_CKM.2. This extension is required for clients supporting Elliptic Curve ciphersuites.

Assurance Activity: The evaluator shall verify that TSS describes the Supported Elliptic Curves Extension and whether the required behavior is performed by default or may be configured.

Tests

Test 1: The evaluator shall configure the server to perform an ECDHE key exchange in the TLS connection using a non-supported curve (for example P-192) and shall verify that the TOE disconnects after receiving the server’s Key Exchange handshake message. 

Justification

Component inadvertently omitted during cut and paste operation.
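
The following is an added example, not part of the Technical Decision or the Protection Profile: a check an evaluator could run over a captured ClientHello handshake message to confirm that the Supported Elliptic Curves extension is present and offers only the curves selected in FCS_TLSS_EXT.1.4. The function names are hypothetical, the sample messages are constructed, and the numeric IDs are the IANA code points for the named curves (19 is secp192r1, the P-192 curve used as the example in Test 1).

```python
import struct

# IANA "TLS Supported Groups" code points for the curves in FCS_TLSS_EXT.1.4
NIST_CURVES = {23: "secp256r1", 24: "secp384r1", 25: "secp521r1"}
EXT_SUPPORTED_GROUPS = 10  # named "elliptic_curves" in RFC 4492

def offered_groups(client_hello):
    """Return the named-curve IDs offered in a ClientHello handshake message."""
    if len(client_hello) < 4 or client_hello[0] != 1:
        raise ValueError("not a ClientHello handshake message")
    body = client_hello[4:4 + int.from_bytes(client_hello[1:4], "big")]
    try:
        pos = 2 + 32                                         # version + random
        pos += 1 + body[pos]                                 # session_id
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")  # cipher_suites
        pos += 1 + body[pos]                                 # compression_methods
    except IndexError:
        raise ValueError("truncated ClientHello")
    if pos >= len(body):
        return []                                            # no extensions block
    end = pos + 2 + int.from_bytes(body[pos:pos + 2], "big")
    pos += 2
    while pos + 4 <= min(end, len(body)):
        ext_type, ext_len = struct.unpack_from("!HH", body, pos)
        data = body[pos + 4:pos + 4 + ext_len]
        pos += 4 + ext_len
        if ext_type == EXT_SUPPORTED_GROUPS:
            if len(data) < 2 or len(data) % 2 or int.from_bytes(data[:2], "big") != len(data) - 2:
                raise ValueError("malformed curve list")
            return [g for (g,) in struct.iter_unpack("!H", data[2:])]
    return []

def check_curves(client_hello, selected=frozenset(NIST_CURVES)):
    """(passes, offending IDs): extension present and only selected curves offered."""
    groups = offered_groups(client_hello)
    extra = [g for g in groups if g not in selected]
    return bool(groups) and not extra, extra

def build_hello(groups):
    """Constructed sample ClientHello (not a capture); groups=None omits the extension."""
    exts = b""
    if groups is not None:
        curve_list = b"".join(struct.pack("!H", g) for g in groups)
        data = struct.pack("!H", len(curve_list)) + curve_list
        exts = struct.pack("!HH", EXT_SUPPORTED_GROUPS, len(data)) + data
    body = (b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2b" + b"\x01\x00"
            + struct.pack("!H", len(exts)) + exts)
    return b"\x01" + len(body).to_bytes(3, "big") + body
```

Pass `selected` as the subset of curve IDs chosen in the ST when fewer than all three curves were selected; a ClientHello that omits the extension entirely fails the check.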
