NIAP: View Technical Decision Details
NIAP/CCEVS
TD0231:  FCS_TLSS_EXT.1.2 - Removal of SSL 1.0

Publication Date
2017.08.28

Protection Profiles
PP_MDM_V3.0

Other References
FCS_TLSS_EXT.1.2

Issue Description

The SSL 1.0 protocol was never publicly released and the test cannot be executed using the SSL 1.0 protocol.

Resolution

SSL 1.0 should be removed from the FCS_TLSS_EXT.1.2 SFR and Test Activity.

FCS_TLSS_EXT.1.2

The [selection: TSF, TOE platform] shall deny connections from clients requesting SSL 1.0, SSL 2.0, SSL 3.0 and [selection: TLS 1.0, TLS 1.1, no other TLS version].

Test

The evaluator shall send a Client Hello requesting a connection with version SSL 1.0 and verify that the server denies the connection. The evaluator shall repeat this test with SSL 2.0 and SSL 3.0 and any selected TLS versions.

The evaluator shall send a Client Hello requesting a connection for all mandatory and selected protocol versions in the SFR (e.g., by enumeration of protocol versions in a test client) and verify that the server denies the connection for each attempt. 
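
The enumeration the test activity describes can be scripted as below. This is an added example, not part of the NIAP decision or of any evaluated product. It covers only SSL 3.0, TLS 1.0 and TLS 1.1, which share one record format (SSL 2.0 uses a different one). The function names, the cipher suite offer and the `host`/`port` arguments are assumptions.

```python
import os
import socket
import struct

# Versions named in the SFR that share the SSL 3.0/TLS record format.
VERSIONS = {"SSL 3.0": (3, 0), "TLS 1.0": (3, 1), "TLS 1.1": (3, 2)}
# Assumed offer: widely implemented RSA/CBC suites (AES-128, AES-256, 3DES).
SUITES = (0x002F, 0x0035, 0x000A)

def client_hello(version, random=None):
    """Build a minimal, extension-free ClientHello requesting `version`."""
    ver = bytes(version)
    random = random or os.urandom(32)
    suites = b"".join(struct.pack("!H", s) for s in SUITES)
    body = (ver + random + b"\x00"                  # empty session id
            + struct.pack("!H", len(suites)) + suites
            + b"\x01\x00")                          # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16" + ver + struct.pack("!H", len(handshake)) + handshake

def classify(response):
    """Map the first bytes of the server's reply to a test verdict."""
    if not response or response[0] == 0x15:
        return "denied"          # closed connection or TLS alert record
    if response[0] == 0x16 and len(response) > 5 and response[5] == 0x02:
        return "accepted"        # handshake record carrying a ServerHello
    return "inconclusive"

def probe(host, port, version, timeout=5.0):
    """Send one ClientHello to the server under test and classify the reply."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(version))
        try:
            return classify(sock.recv(4096))
        except ConnectionResetError:
            return "denied"      # server reset the connection

def run(host, port):
    """Enumerate the versions; the test passes only if every one is denied."""
    results = {name: probe(host, port, v) for name, v in VERSIONS.items()}
    return results, all(r == "denied" for r in results.values())
```

A ServerHello at any version counts as "accepted" here, because the server continued the handshake instead of denying the connection.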

Justification

See Issue Description; aligns with NIT Decision #201664 https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfi201664.pdf

 
 