TD0731: Clarification of TLS 2.0 FP test 22.2
Publication Date
2023.04.05
Protection Profiles
PKG_TLS_v2.0
Other References
FCS_TLSS_EXT.1
Issue Description
Test case 22.2 of the TLS FP 2.0 does not clearly indicate whether the supported_versions extension should be sent and how it applies for TLS 1.3.
Resolution
Test 22.2 under FCS_TLSS_EXT.1 in the TLS Functional Package V2.0 is modified as follows, with strikethroughs denoting deletion and underlines denoting additions:

Test 22.2: The evaluator shall follow the operational guidance to configure the TSF to ensure any supported beta TLS 1.3 versions are disabled, as necessary. The evaluator shall send the TSF a client hello message indicating the supported version (referred to as the legacy version in RFC 8446) with the value '03 04' but without including the supported_versions extension and observe that the TSF either responds with a server hello indicating the highest version supported TLS 1.2 or terminates the connection.

Note: Test 22.2 is intended to test the TSF response to non-standard versions, including beta versions of TLS 1.3. If the TSF supports such beta versions, the evaluator shall follow the operational guidance instructions to disable them prior to conducting Test 22.2. Some TLS 1.3 implementations ignore the legacy version field and only check for the supported_versions extension to determine TLS 1.3 support by a client. It is preferred that the legacy version field should still be set to a standard version ('03 03') in the server hello, but it is acceptable that presence of the supported_versions indicating TLS 1.3 (value '03 04') overrides the legacy_version indication to determine highest supported version.
Justification
The TLS test client hello should not include a supported_versions extension. Regardless of whether TLS 1.3 is supported, the permitted outcomes from the server are to respond with TLS 1.2 or terminate the session.
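The Resolution and Justification above describe a concrete exchange: a ClientHello whose legacy_version is '03 04' and which carries no supported_versions extension, followed by a check that the TSF either answers with a ServerHello selecting TLS 1.2 or terminates the connection. The script below is an added example written for this page; it is not NIAP's code nor part of the TLS Functional Package. It builds that ClientHello from raw bytes, classifies the first bytes the TSF sends back into the two permitted outcomes (honouring the note that a supported_versions value in the ServerHello overrides its legacy_version field), and includes a constructed ServerHello builder so the classifier can be exercised offline. The cipher suite list, the extensions offered alongside SNI, and the host name `tsf.example` are assumptions chosen for the example, not values from the TD.

```python
"""Test 22.2 (TD0731) helper: send a legacy_version 0x0304 ClientHello with no
supported_versions extension and judge the TSF's reply. Added example, not
NIAP or package code."""
import os
import socket
import struct
from typing import Dict, Optional, Tuple

SUPPORTED_VERSIONS_EXT = 0x002B          # RFC 8446 extension type, deliberately omitted
TLS12, TLS13 = 0x0303, 0x0304

# Constructed offer of common TLS 1.2 suites; a real evaluation offers the
# suites claimed in the Security Target.
CIPHER_SUITES = [0xC02F, 0xC030, 0xC02B, 0xC02C, 0x009C, 0x009D]


def _ext(ext_type: int, body: bytes) -> bytes:
    return struct.pack(">HH", ext_type, len(body)) + body


def build_client_hello(server_name: str, legacy_version: int = TLS13,
                       client_random: Optional[bytes] = None) -> bytes:
    """ClientHello record with legacy_version 0x0304 and NO supported_versions."""
    host = server_name.encode()
    sni = _ext(0x0000, struct.pack(">HBH", len(host) + 3, 0, len(host)) + host)
    groups = _ext(0x000A, struct.pack(">HHH", 4, 0x001D, 0x0017))        # x25519, secp256r1
    ec_formats = _ext(0x000B, b"\x01\x00")                                # uncompressed only
    sig_algs = _ext(0x000D, struct.pack(">HHHH", 6, 0x0403, 0x0804, 0x0401))
    extensions = sni + groups + ec_formats + sig_algs                     # assumed minimal set
    suites = b"".join(struct.pack(">H", s) for s in CIPHER_SUITES)
    body = (struct.pack(">H", legacy_version)
            + (client_random or os.urandom(32))
            + b"\x00"                                     # empty legacy_session_id
            + struct.pack(">H", len(suites)) + suites
            + b"\x01\x00"                                 # compression_methods: null
            + struct.pack(">H", len(extensions)) + extensions)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake


def _hello_extensions(body: bytes, server: bool) -> Dict[int, bytes]:
    """Walk a ClientHello/ServerHello body (after the 4-byte handshake header)
    and return {extension_type: extension_data}."""
    pos = 2 + 32                                          # legacy_version + random
    pos += 1 + body[pos]                                  # legacy_session_id
    if server:
        pos += 2 + 1                                      # cipher_suite, compression_method
    else:
        pos += 2 + struct.unpack(">H", body[pos:pos + 2])[0]   # cipher_suites list
        pos += 1 + body[pos]                                   # compression_methods list
    exts: Dict[int, bytes] = {}
    if pos + 2 > len(body):
        return exts                                       # no extensions block present
    end = pos + 2 + struct.unpack(">H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack(">HH", body[pos:pos + 4])
        exts[etype] = body[pos + 4:pos + 4 + elen]
        pos += 4 + elen
    return exts


def classify_response(data: bytes) -> Tuple[bool, str]:
    """Map the TSF's first reply bytes to the Test 22.2 verdict (pass, reason)."""
    if not data:
        return True, "connection closed without a reply (terminated)"
    if data[0] == 0x15 and len(data) >= 7:                # TLS alert record
        return True, f"alert level={data[5]} description={data[6]} (terminated)"
    if data[0] != 0x16 or len(data) < 9 or data[5] != 0x02:
        return False, f"unexpected response, first byte 0x{data[0]:02x}"
    hs_len = int.from_bytes(data[6:9], "big")
    body = data[9:9 + hs_len]
    legacy_version = struct.unpack(">H", body[:2])[0]
    selected = _hello_extensions(body, server=True).get(SUPPORTED_VERSIONS_EXT)
    # Per the TD note, supported_versions in the ServerHello overrides legacy_version.
    version = struct.unpack(">H", selected[:2])[0] if selected else legacy_version
    if version == TLS12:
        return True, "ServerHello selected TLS 1.2"
    return False, f"ServerHello selected 0x{version:04x} instead of TLS 1.2"


def sample_server_hello(legacy_version: int, supported_version: Optional[int] = None) -> bytes:
    """Constructed ServerHello (not captured from any product) for offline checks."""
    exts = b"" if supported_version is None else _ext(SUPPORTED_VERSIONS_EXT, struct.pack(">H", supported_version))
    body = (struct.pack(">H", legacy_version) + bytes(32) + b"\x00"
            + struct.pack(">H", 0xC02F) + b"\x00"
            + struct.pack(">H", len(exts)) + exts)
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack(">H", len(handshake)) + handshake


def probe(host: str, port: int = 443, timeout: float = 5.0) -> Tuple[bool, str]:
    """Send the Test 22.2 ClientHello to the TSF under evaluation and classify its reply."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(host))
        try:
            reply = s.recv(4096)
        except ConnectionResetError:
            reply = b""                                   # TCP reset counts as terminated
        except socket.timeout:
            return False, "no reply within timeout; inspect the connection state manually"
    return classify_response(reply)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "tsf.example"   # placeholder, not from the TD
    ok, why = probe(target)
    print(("PASS" if ok else "FAIL") + ": " + why)
```

Run it against the TOE's TLS server address after disabling any beta TLS 1.3 versions as the operational guidance directs; capturing the exchange alongside (for example with a packet capture) gives the evaluator evidence that the ClientHello really omitted extension type 0x002B and that the reply matched one of the two permitted outcomes.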