Archived
TD0241: Removal of Test 4.1 in FCS_TLSS_EXT.1.1
Publication Date
2017.09.29
Protection Profiles
PP_APP_v1.2
Other References
FCS_TLSS_EXT.1.1, PP_APP_v1.2
Issue Description
In the Application Software PP (PP_APP_v1.2), FCS_TLSS_EXT.1.1 Test 4.1 tests the client's behavior instead of the server's behavior.
Resolution
Test 4.1 of FCS_TLSS_EXT.1.1 in the App SW PP (PP_APP_v1.2) is modified as follows:
Test 4: The evaluator shall perform the following modifications to the traffic:
o Test 4.2: Modify at least one byte in the client’s nonce in the Client Hello handshake message, and verify that the server rejects the client's Certificate Verify handshake message (if using mutual authentication) or that the server denies the client's Finished handshake message.
o Test 4.3: Modify the signature block in the Client’s Key Exchange handshake message, and verify that the server rejects the client's Certificate Verify handshake message (if using mutual authentication) or that the server denies the client's Finished handshake message.
o Test 4.4: Modify a byte in the Client Finished handshake message, and verify that the server rejects the connection and does not send any application data.
o Test 4.5: After generating a fatal alert by sending a Finished message from the client before the client sends a ChangeCipherSpec message, send a Client Hello with the session identifier from the previous test, and verify that the server denies the connection.
o Test 4.6: Send a garbled message from the client after the client has issued the ChangeCipherSpec message, and verify that the server denies the connection.
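The byte modification in Test 4.2, sketched as an added example that is not part of this Technical Decision or the PP: it locates the 32-byte client random in a captured Client Hello record and inverts exactly one byte, leaving every length field intact so that the nonce is the only thing that changes. The function names and the sample record are constructed for illustration, and the Client Hello is assumed to sit unfragmented in a single TLS record inside the evaluator's test harness.

```python
import struct

RECORD_HANDSHAKE = 0x16   # TLS record content type: handshake
HS_CLIENT_HELLO = 0x01    # handshake message type: ClientHello
RANDOM_LEN = 32           # size of the ClientHello random (nonce)


def client_random_offset(record: bytes) -> int:
    """Return the offset of the ClientHello random within one TLS record."""
    if len(record) < 5:
        raise ValueError("short TLS record header")
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != RECORD_HANDSHAKE:
        raise ValueError("not a handshake record")
    if len(record) < 5 + rec_len:
        raise ValueError("truncated record")
    if rec_len < 4 or record[5] != HS_CLIENT_HELLO:
        raise ValueError("first handshake message is not a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    # Handshake body starts with client_version(2) followed by random(32).
    if hs_len < 2 + RANDOM_LEN or 4 + hs_len > rec_len:
        raise ValueError("ClientHello too short or fragmented across records")
    return 5 + 4 + 2  # record header + handshake header + client_version


def flip_nonce_byte(record: bytes, index: int = 0) -> bytes:
    """Return a copy of the record with one byte of the client random inverted."""
    if not 0 <= index < RANDOM_LEN:
        raise ValueError("index outside the 32-byte random")
    off = client_random_offset(record) + index
    out = bytearray(record)
    out[off] ^= 0xFF
    return bytes(out)


def build_sample_client_hello() -> bytes:
    """Constructed TLS 1.2 ClientHello: random 00..1f, empty session id, one suite."""
    body = (b"\x03\x03" + bytes(range(32)) + b"\x00"
            + b"\x00\x02\x00\x2f" + b"\x01\x00")
    hs = bytes([HS_CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + len(hs).to_bytes(2, "big") + hs
```

The pass criterion remains the one stated in Test 4.2: the server must reject the client's Certificate Verify message (if using mutual authentication) or deny the client's Finished message.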
Justification
The Assurance Activity does not exercise the server functionality and does not apply to TLS server requirements.