Archived
TD0040: Clarifications to Tests for TLSS Requirements in MDM PP V2.0
Publication Date
2015.04.01
Protection Profiles
PP_MDM_V2.0
Other References
PP_MDM_V2.0, requirement FCS_TLSS_EXT.1.1
Issue Description
The following tests for FCS_TLSS_EXT.1.1 need clarifications:
In any case, a TLS server MUST NOT generate an alert if processing an RSA-encrypted premaster secret message fails, or the version number is not as expected. Instead, it MUST continue the handshake with a randomly generated premaster secret. It may be useful to log the real cause of failure for troubleshooting purposes; however, care must be taken to avoid leaking the information to an attacker (through, e.g., timing, log files, or other channels.)
Resolution
Test 3: Change wording to: Test 3: The evaluator shall use a client to send a key exchange message in the TLS connection that the does not match the server-selected ciphersuite (for example, send an ECDHE key exchange while using the TLS_RSA_WITH_AES_128_CBC_SHA ciphersuite or send a RSA key exchange while using one of the ECDSA ciphersuites.) The evaluator shall verify that the TOE sends a fatal alert after receiving the client’s change cipher spec message. Test 4, bullet 2: Change wording to: Modify the signature block in the the client’s Certificate Verify handshake message (if using mutual authentication) and verify that the server denies the client’s Finished handshake message. Test 4, bullet 5: Change wording to: Send a valid Server Finished message in plaintext and verify the client sends a fatal alert upon receipt and does not send any application data. The server’s Finished message shall contain valid verify_data and shall parse correctly using a network protocol analysis tool. Justification
The changes clarify and correct the tests and ensure that they are performed in accordance with the TLS RFCs. |