Open mclearn opened 1 year ago
TLSWG agreed to place this issue on hold for another version of the NDcPP.
FYI, upon review of the NIAP TLS FP 2.0, their version of this test also does not limit itself to TLS 1.2. See test case 23.3 in the TLS FP 2.0.
Provide the location of the issue FCS_TLSS_EXT.1.1 test 2ii
What is the correction request for the cPP? Please describe. This test is marked conditional on only TLS 1.2 being implemented. However, the NULL cipher codepoint is just as valid for TLS 1.3 as for TLS 1.2. The test should not be conditional.
Describe the solution you'd like Reword as follows: "The evaluator shall send a Client Hello to the server containing only the TLS_NULL_WITH_NULL_NULL ciphersuite and verify that the server denies the connection."
Describe alternatives you've considered N/A
Additional context N/A