Archived
TD0305: Handling of TLS connections with and without mutual authentication
Publication Date
2018.04.04
Protection Profiles
PP_APP_v1.2, PP_MD_V3.1, PP_MDM_V3.0, PP_OS_V4.1
Other References
FCS_TLSC_EXT.2.1, FCS_TLSC_EXT.1.4, FCS_TLSC_EXT.4.1
Issue Description
TLSC test updates are required for the handling of TLS connections with and without mutual authentication.
Resolution
The test activities are modified for the below SFRs as follows:
PP_APP_v1.2
Test 2: The evaluator shall establish a connection to a peer server with a shared trusted root that is configured for mutual authentication (i.e. it sends Server’s Certificate Request (type 13) message). The evaluator observes negotiation of a TLS channel and confirms that the TOE responds with a non-empty Client’s Certificate message (type 11) and Certificate Verify (type 15) message.
FCS_TLSC_EXT.1.4 Test 2: The evaluator shall establish a connection to a peer server with a shared trusted root that is configured for mutual authentication (i.e. it sends Server’s Certificate Request (type 13) message). The evaluator observes negotiation of a TLS channel and confirms that the TOE responds with a non-empty Client’s Certificate message (type 11) and Certificate Verify (type 15) message.
FCS_TLSC_EXT.1.4 Test 2: The evaluator shall establish a connection to a peer server with a shared trusted root that is configured for mutual authentication (i.e. it sends Server’s Certificate Request (type 13) message). The evaluator observes negotiation of a TLS channel and confirms that the TOE responds with a non-empty Client’s Certificate message (type 11) and Certificate Verify (type 15) message.
PP_OS_V4.1
FCS_TLSC_EXT.4.1 Test 2: The evaluator shall establish a connection to a peer server with a shared trusted root that is configured for mutual authentication (i.e. it sends Server’s Certificate Request (type 13) message). The evaluator observes negotiation of a TLS channel and confirms that the TOE responds with a non-empty Client’s Certificate message (type 11) and Certificate Verify (type 15) message.
Justification
See issue description.
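One way to automate the observation in Test 2, as an added example that is not part of the Technical Decision: it assumes TLS 1.2, where these handshake messages are sent in the clear, and that each side's handshake bytes have already been reassembled from the captured records. The function names and sample flights are constructed for illustration.

```python
# Added example: checks plaintext TLS 1.2 handshake messages for the Test 2 observation.
CERTIFICATE, CERTIFICATE_REQUEST, CERTIFICATE_VERIFY = 11, 13, 15

def handshake_messages(data):
    """Yield (msg_type, body) for each handshake message in reassembled bytes."""
    off = 0
    while off < len(data):
        if len(data) - off < 4:
            raise ValueError("truncated handshake header")
        length = int.from_bytes(data[off + 1:off + 4], "big")
        body = data[off + 4:off + 4 + length]
        if len(body) != length:
            raise ValueError("truncated handshake body")
        yield data[off], body
        off += 4 + length

def check_test2(server_flight, client_flight):
    """Return (passed, reason) for the observation Test 2 requires."""
    if CERTIFICATE_REQUEST not in [t for t, _ in handshake_messages(server_flight)]:
        return False, "server sent no Certificate Request (13)"
    client = list(handshake_messages(client_flight))
    certs = [body for t, body in client if t == CERTIFICATE]
    if not certs:
        return False, "no Client Certificate (11)"
    # A TLS 1.2 Certificate body starts with a 3-byte certificate_list length.
    if len(certs[0]) < 3 or int.from_bytes(certs[0][:3], "big") == 0:
        return False, "Client Certificate (11) is empty"
    if CERTIFICATE_VERIFY not in [t for t, _ in client]:
        return False, "no Certificate Verify (15)"
    return True, "non-empty Certificate (11) and Certificate Verify (15) observed"

def hs(msg_type, body):
    """Build one handshake message (used only for the constructed samples)."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def cert_msg(certs):
    """Build a Certificate message from a list of (placeholder) certificates."""
    entries = b"".join(len(c).to_bytes(3, "big") + c for c in certs)
    return hs(CERTIFICATE, len(entries).to_bytes(3, "big") + entries)

# Constructed sample flights; bodies are placeholders, not real captures.
FAKE_CERT = b"\x30\x03\x02\x01\x00"
SERVER = (hs(2, b"") + cert_msg([FAKE_CERT])
          + hs(CERTIFICATE_REQUEST, b"\x01\x01\x00\x02\x04\x01\x00\x00") + hs(14, b""))
GOOD_CLIENT = cert_msg([FAKE_CERT]) + hs(16, b"\x00\x00") + hs(15, b"\x04\x01\x00\x01\xaa")
EMPTY_CLIENT = cert_msg([]) + hs(16, b"\x00\x00")  # client that offers no certificate

if __name__ == "__main__":
    for name, flight in (("good", GOOD_CLIENT), ("empty", EMPTY_CLIENT)):
        print(name, check_test2(SERVER, flight))
```

The empty-certificate flight is the case the "non-empty" wording guards against: a client can answer a Certificate Request with a zero-length certificate list and still complete the message sequence up to that point.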