TD0793: Alignment of FCS_TLSS_EXT.5:2 with RFC 8446
Publication Date
2023.10.11
Protection Profiles
PKG_TLS_v2.0
Other References
FCS_TLSS_EXT.5:2
Issue Description
FCS_TLSS_EXT.5 disallows session resumption for TLS 1.3, which is inconsistent with RFC 8446.
Resolution
The second test for FCS_TLSS_EXT.5 in PKG_TLS_v2.0 is modified as follows, with green highlights and underlines indicating additions and red highlights with strikethroughs indicating deletions:
Test FCS_TLSS_EXT.5:2: For [conditional] If TLS 1.3 is selected in FCS_TLSS_EXT.1.1, the evaluator shall allow the TOE and test client to complete a compliant handshake and resumption information is established. The evaluator shall modify a byte of the session ticket. The evaluator shall then attempt to resume the session using the altered session ticket and verify that the TSF does not resume the session, but instead either terminates the session or completes a full handshake, ignoring the resumption information.
Justification
See issue description.
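The following Python is an added example, not part of this TD or PKG_TLS_v2.0: it extracts the ticket from a decrypted TLS 1.3 NewSessionTicket message (layout per RFC 8446), alters one byte as Test FCS_TLSS_EXT.5:2 requires, and classifies the TSF's response. The function names, the constructed sample message and the verdict strings are assumptions made for illustration.

```python
import struct

NEW_SESSION_TICKET = 4  # HandshakeType value in RFC 8446

def parse_new_session_ticket(msg: bytes) -> dict:
    """Parse one decrypted TLS 1.3 NewSessionTicket handshake message."""
    try:
        if msg[0] != NEW_SESSION_TICKET:
            raise ValueError("not a NewSessionTicket message")
        body = msg[4:]
        if int.from_bytes(msg[1:4], "big") != len(body):
            raise ValueError("handshake length does not match body")
        lifetime, age_add = struct.unpack_from("!II", body, 0)
        pos = 8
        nonce_len = body[pos]                      # opaque ticket_nonce<0..255>
        nonce = body[pos + 1:pos + 1 + nonce_len]
        pos += 1 + nonce_len
        (ticket_len,) = struct.unpack_from("!H", body, pos)  # opaque ticket<1..2^16-1>
        ticket = body[pos + 2:pos + 2 + ticket_len]
        pos += 2 + ticket_len
        (ext_len,) = struct.unpack_from("!H", body, pos)     # extensions<0..2^16-2>
    except (IndexError, struct.error) as exc:
        raise ValueError("truncated NewSessionTicket") from exc
    if ticket_len == 0 or pos + 2 + ext_len != len(body):
        raise ValueError("malformed NewSessionTicket")
    return {"lifetime": lifetime, "age_add": age_add, "nonce": nonce, "ticket": ticket}

def alter_ticket(ticket: bytes, index: int = 0) -> bytes:
    """Return a same-length copy of the ticket with one bit of one byte flipped."""
    altered = bytearray(ticket)
    altered[index] ^= 0x01
    return bytes(altered)

def verdict(server_hello_has_psk: bool, handshake_completed: bool) -> str:
    """Classify the TSF's reaction when the altered ticket is offered as a PSK identity.
    A TLS 1.3 server signals an accepted PSK with pre_shared_key in ServerHello."""
    if server_hello_has_psk:
        return "FAIL: session resumed with altered ticket"
    if handshake_completed:
        return "PASS: full handshake, resumption information ignored"
    return "PASS: session terminated"

def constructed_message() -> bytes:
    """Constructed sample: 32-byte ticket, 1-byte nonce, no extensions."""
    body = (struct.pack("!II", 7200, 0x01020304) + b"\x01\x00"
            + struct.pack("!H", 32) + bytes(range(32)) + struct.pack("!H", 0))
    return bytes([NEW_SESSION_TICKET]) + len(body).to_bytes(3, "big") + body
```

The two booleans passed to `verdict` come from the evaluator's observation of the resumption attempt, for example from the test client's log or a packet capture.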