Archived
TD0403: Conditional Testing with TLS Session IDs
Publication Date
2019.04.12
Protection Profiles
PP_BASE_VIRTUALIZATION_V1.0
Other References
FCS_TLSS_EXT.1; FCS_TLSS_EXT.2.1
Issue Description
For the App PP, TD0131 makes FCS_TLSS_EXT.1.1 Test 4.5 conditional based on whether the TOE supports session IDs. A similar issue exists in the Base Virtualization PP for FCS_TLSS_EXT.1, Test 4, Bullet #4.
Resolution
07/30/2019: This TD has been archived and superseded by TD0431.
For FCS_TLSS_EXT.1.1 and FCS_TLSS_EXT.2.1, Test 4 Bullet #4 is modified as follows per the underlined text:
[conditional] After generating a fatal alert by sending a Finished message from the client before the client sends a ChangeCipherSpec message, send a Client Hello with the session identifier from the previous test, and verify that the server denies the connection. This test is not required for applications with a TLS implementation that does not support session IDs.
Justification
See issue description