TD0348: FCS_TLSS_EXT.2.4 for TLS 1.2 or higher
Publication Date
2018.08.28
Protection Profiles
PP_CA_V2.1
Other References
FCS_TLSS_EXT.2.4
Issue Description
The supported_signature_algorithms is a new field in TLS 1.2 and does not exist in TLS 1.1.
Resolution
FCS_TLSS_EXT.2.4, Test 2 is replaced as follows:
Test 2: [conditional] If the TOE supports TLS 1.2 and higher, the evaluator shall configure the server to send a certificate request to the client without populating the supported_signature_algorithms field with the signature algorithm used by the client’s certificate. The evaluator shall attempt a connection using the client certificate and verify that the connection is denied.
Justification
See issue description.
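An added example, not part of the Technical Decision: one way an evaluator could confirm from a captured handshake that the precondition of Test 2 holds, by parsing the TLS 1.2 CertificateRequest body (RFC 5246, section 7.4.4) and checking that the client certificate's algorithm is absent from supported_signature_algorithms. The function names and the sample bytes are constructed for illustration, and only the TLS 1.2 (hash, signature) pair encoding is handled.

```python
import struct

# TLS 1.2 HashAlgorithm / SignatureAlgorithm code points (RFC 5246, section 7.4.1.4.1)
HASH = {1: "md5", 2: "sha1", 3: "sha224", 4: "sha256", 5: "sha384", 6: "sha512"}
SIG = {1: "rsa", 2: "dsa", 3: "ecdsa"}


def parse_certificate_request(body: bytes):
    """Parse a TLS 1.2 CertificateRequest body (handshake header already removed).

    Returns (certificate_types, [(hash_name, sig_name), ...]).
    Raises ValueError on truncated or inconsistent input.
    """
    try:
        n_types = body[0]                       # certificate_types<1..2^8-1>
        cert_types = list(body[1:1 + n_types])
        pos = 1 + n_types
        (alg_len,) = struct.unpack_from("!H", body, pos)   # 2-byte list length
        pos += 2
        if len(cert_types) != n_types or alg_len % 2 or pos + alg_len > len(body):
            raise ValueError("malformed supported_signature_algorithms")
        algs = [(HASH.get(body[i], f"hash_{body[i]}"),
                 SIG.get(body[i + 1], f"sig_{body[i + 1]}"))
                for i in range(pos, pos + alg_len, 2)]
        pos += alg_len
        (ca_len,) = struct.unpack_from("!H", body, pos)    # certificate_authorities
        if pos + 2 + ca_len != len(body):
            raise ValueError("certificate_authorities length mismatch")
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated CertificateRequest") from exc
    return cert_types, algs


def advertises(body: bytes, hash_name: str, sig_name: str) -> bool:
    """True if the server's request lists the given (hash, signature) pair."""
    _, algs = parse_certificate_request(body)
    return (hash_name, sig_name) in algs


# Constructed sample: types rsa_sign(1) and ecdsa_sign(64); algorithms
# sha256/ecdsa and sha384/ecdsa only; empty certificate_authorities list.
SAMPLE = bytes.fromhex("020140" "0004" "04030503" "0000")

if __name__ == "__main__":
    # Assumed client certificate signed with sha256WithRSAEncryption.
    print("client algorithm advertised:", advertises(SAMPLE, "sha256", "rsa"))
```

If the pair is not advertised, the setup matches Test 2 and the connection attempt with that client certificate is expected to be denied.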