ND-iTC / Documents

ND iTC Document repository (NDcPP, ND SD, and all related files)
MIT License

FCS_TLSS_EXT.1.1 test 2ii does not need to be conditional #269

Open mclearn opened 1 year ago

mclearn commented 1 year ago

Provide the location of the issue: FCS_TLSS_EXT.1.1 test 2ii

What is the correction request for the cPP? Please describe: This test is marked conditional on only TLS 1.2 being implemented. However, the NULL cipher codepoint is just as valid for TLS 1.3 as for TLS 1.2. The test should not be conditional.

Describe the solution you'd like: Reword as follows: "The evaluator shall send a Client Hello to the server containing only the TLS_NULL_WITH_NULL_NULL ciphersuite and verify that the server denies the connection."

Describe alternatives you've considered: N/A

Additional context: N/A

kr15tyk commented 1 year ago

TLSWG agreed to place this issue on hold for another version of the NDcPP.

mclearn commented 1 year ago

FYI, upon review of the NIAP TLS FP 2.0, their version of this test also does not limit itself to TLS 1.2. See test case 23.3 in the TLS FP 2.0.
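
The check discussed in this issue, as an added example (not part of the thread, the NDcPP, or the SD): it builds a ClientHello offering only TLS_NULL_WITH_NULL_NULL, with or without a TLS 1.3 supported_versions extension, and classifies the server's first record as denied or accepted. The function names are hypothetical, and the TLS 1.3 variant carries only supported_versions, an assumption made to keep the example short.

```python
import os
import struct

TLS_NULL_WITH_NULL_NULL = 0x0000  # cipher suite codepoint {0x00, 0x00}


def _vec(data: bytes, len_bytes: int) -> bytes:
    """Encode a TLS variable-length vector: big-endian length, then data."""
    return len(data).to_bytes(len_bytes, "big") + data


def build_client_hello(offer_tls13: bool) -> bytes:
    """Return one TLS record with a ClientHello whose only suite is 0x0000."""
    exts = b""
    if offer_tls13:
        # supported_versions (extension type 43): TLS 1.3, then TLS 1.2.
        # Assumption: a complete test tool would also send the other
        # extensions a TLS 1.3 server expects (key_share and so on).
        exts += struct.pack("!H", 43) + _vec(_vec(b"\x03\x04\x03\x03", 1), 2)
    body = (
        b"\x03\x03"                # client_version / legacy_version (TLS 1.2)
        + os.urandom(32)           # random
        + _vec(b"", 1)             # empty session_id
        + _vec(struct.pack("!H", TLS_NULL_WITH_NULL_NULL), 2)  # cipher_suites
        + _vec(b"\x00", 1)         # compression_methods: null only
        + _vec(exts, 2)            # extensions (may be empty)
    )
    handshake = b"\x01" + _vec(body, 3)          # HandshakeType client_hello
    return b"\x16\x03\x01" + _vec(handshake, 2)  # record type: handshake


def server_denied(response: bytes) -> bool:
    """Classify the first bytes the server sent back after the ClientHello.

    True: the peer closed without replying or sent a fatal alert.
    False: the peer answered with a ServerHello (it accepted the offer).
    """
    if not response:
        return True
    if response[0] == 0x15 and len(response) >= 7:
        return response[5] == 2    # AlertLevel fatal
    if response[0] == 0x16 and len(response) >= 6 and response[5] == 0x02:
        return False               # HandshakeType server_hello
    raise ValueError("unexpected first record from server")
```

Running both variants against the same server shows whether it rejects the NULL suite regardless of the protocol version the client offers.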