NIAP: View Technical Decision Details
NIAP/CCEVS
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0403:  Conditional Testing with TLS Session IDs

Publication Date
2019.04.12

Protection Profiles
PP_BASE_VIRTUALIZATION_V1.0

Other References
FCS_TLSS_EXT.1; FCS_TLSS_EXT.2.1

Issue Description

For the App PP, TD0131 makes FCS_TLSS_EXT.1.1 Test 4.5 conditional based on whether the TOE supports session IDs. A similar issue exists in the Base Virtualization PP for FCS_TLSS_EXT.1. Test 4, Bullet #4.

Resolution

For FCS_TLSS_EXT.1.1 and FCS_TLSS_EXT.2.1, Test 4 Bullet #4 is modified as follows per the underlined text:

[conditional] After generating a fatal alert by sending a Finished message from the client before the client sends a ChangeCipherSpec message, send a Client Hello with the session identifier from the previous test, and verify that the server denies the connection. This test is not required for applications with a TLS implementation that does not support session IDs.

Justification

See issue description

 
 
Site Map              Contact Us              Home