Archived
TD0231: FCS_TLSS_EXT.1.2 - Removal of SSL 1.0
Publication Date
2017.08.28
Protection Profiles
PP_MDM_V3.0
Other References
FCS_TLSS_EXT.1.2
Issue Description
The SSL 1.0 protocol was never publicly released and the test cannot be executed using the SSL 1.0 protocol.
Resolution
SSL 1.0 should be removed from the FCS_TLSS_EXT.1.2 SFR and Test Activity.
FCS_TLSS_EXT.1.2
The [selection: TSF, TOE platform] shall deny connections from clients requesting SSL 1.0, SSL 2.0, SSL 3.0 and [selection: TLS 1.0, TLS 1.1, no other TLS version].
Test
The evaluator shall send a Client Hello requesting a connection with version SSL 1.0 and verify that the server denies the connection. The evaluator shall repeat this test with SSL 2.0 and SSL 3.0 and any selected TLS versions. The evaluator shall send a Client Hello requesting a connection for all mandatory and selected protocol versions in the SFR (e.g., by enumeration of protocol versions in a test client) and verify that the server denies the connection for each attempt.
Justification
See Issue Description; aligns with NIT Decision #201664 https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRfi201664.pdf
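
One way to script the enumeration the Test activity describes, added here as an example that is not part of the Technical Decision or of any NIAP tooling: it builds a Client Hello offering exactly one protocol version and classifies the server's first reply. The function names, the cipher-suite offer and the sample replies in the test are assumptions; SSL 2.0 uses a different hello layout and is not built here.

```python
import socket
import struct

# Versions named in the SFR that share the SSL 3.0/TLS record format.
VERSIONS = {"SSL 3.0": (3, 0), "TLS 1.0": (3, 1), "TLS 1.1": (3, 2)}
# Constructed offer: RSA with AES-128-CBC, AES-256-CBC and 3DES-EDE-CBC (all SHA).
CIPHERS = (0x002F, 0x0035, 0x000A)

def client_hello(version):
    """Build a minimal Client Hello record that offers only `version`."""
    ver = bytes(version)
    body = ver + bytes(32)                  # client_version + random (zeros, constructed)
    body += b"\x00"                         # empty session_id
    body += struct.pack("!H", 2 * len(CIPHERS))
    body += b"".join(struct.pack("!H", c) for c in CIPHERS)
    body += b"\x01\x00"                     # one compression method: null
    hs = b"\x01" + len(body).to_bytes(3, "big") + body    # handshake type 1
    return b"\x16" + ver + struct.pack("!H", len(hs)) + hs  # record type 22

def classify(reply):
    """Map the first bytes received from the server to a test verdict."""
    if not reply:
        return "denied"                     # server closed without answering
    if reply[0] == 0x15:
        return "denied"                     # alert record
    if len(reply) >= 6 and reply[0] == 0x16 and reply[5] == 0x02:
        return "accepted"                   # Server Hello: version was negotiated
    return "inconclusive"                   # not a TLS reply; inspect by hand

def probe(host, port, version, timeout=5.0):
    """Send one Client Hello to the server under evaluation and classify it.

    A failed TCP connect or a timeout raises, so an unreachable server is
    never counted as a denial.
    """
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(client_hello(version))
        try:
            return classify(s.recv(4096))
        except ConnectionResetError:
            return "denied"                 # reset after seeing the hello
```

Against a server in its evaluated configuration, every version selected in the SFR should come back `denied`; `accepted` for any of them means the test fails.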