Archived
TD0197: Resolve conflict between elements of FCS_TLSS_EXT.1 regarding selecting TLS
Publication Date
2017.05.03
Protection Profiles
PP_CA_v2.0
Other References
FCS_TLSS_EXT.1.1, FCS_TLSS_EXT.1.2
Issue Description
A conflict exists between two elements of FCS_TLSS_EXT.1: FCS_TLSS_EXT.1.1 allows TLS 1.0, while FCS_TLSS_EXT.1.2 forbids TLS 1.0.
Resolution
Application Note for FCS_TLSS_EXT.1.1 is modified to include the following statement: In a future version of this PP TLS 1.0 will be removed and TLS v1.2 will be required for all TOEs.
FCS_TLSS_EXT.1.2 is modified to remove TLS 1.0 from outside the selection.
FCS_TLSS_EXT.1.2 The TSF shall deny connections from clients requesting SSL 1.0, SSL 2.0, SSL 3.0, and [selection: TLS 1.0, TLS 1.1, no other TLS versions].
Justification
Since customers will likely be transitioning from TLS 1.0 to TLS 1.2 for a while, TLS 1.0 will remain as a selection/option.