Archived
TD0131: Update to FCS_TLSS_EXT.1.1 Test 4.5
Publication Date
2016.12.14
Protection Profiles
PP_APP_v1.2
Other References
Issue Description
FCS_TLSS_EXT.1.1 Test 4.5 cannot be performed when a client application uses a TLS SessionTicket extension in the client handshake because the TLS SessionTicket is established at the end of the TLS handshake and the fatal alerts that are generated cause the session to be aborted before the SessionTicket is submitted. Resolution
For implementations that do not support session IDs, Test 4.5 is not required. Therefore, Test 4.5 for FCS_TLSS_EXT.1.1 is updated as follows:
Test 4.5: After generating a fatal alert by sending a Finished message from the client before the client send a ChangeCipherSpec message, send a Client Hello with the session identifier from the previous test, and verify that the server denies the connection. Test 4.5 is not required for applications with a TLS implementation that does not support session IDs.
Justification
See issue description above. |