Provide the location of the issue
FCS_DTLSC_EXT.1.5 and FCS_TLSC_EXT.1.5
What is the correction request for the cPP? Please describe.
The cPP specifies that [D]TLS 1.2 clients do not need to present the signature_algorithms extension. If a client does not include the signature_algorithms extension then it will use SHA-1 as the hash function (page 47, RFC 5246). NDcPP v3.0 deprecated use of SHA-1 and there are no signature algorithms that use SHA-1 in the NDcPP. In other words, the [D]TLS 1.2 clients need to include the signature_algorithms extension.
Describe the solution you'd like
FCS_DTLSC_EXT.1.5: Remove the selection "not present the signature_algorithms extension"
FCS_TLSC_EXT.1.5: Remove the selection "not present the signature_algorithms extension"
Application Note 64: In the table under the column "present the signature_algorithms extension" and row "DTLS 1.2 without DTLS 1.3", change "May select" to "Shall select"
Application Note 102: In the table under the column "present the signature_algorithms extension" and row "TLS 1.2 without TLS 1.3", change "May select" to "Shall select"
Describe alternatives you've considered
Going with the requirements as defined in the TLS Functional Package.
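
The check this request implies, as an added example that is not part of the original issue or of the cPP: it parses a TLS 1.2 ClientHello handshake message and fails it when signature_algorithms is absent or offers a SHA-1 pair. It assumes TLS rather than DTLS framing and no record header; the function names and the sample ClientHello bytes are constructed for illustration.

```python
import struct

SIGNATURE_ALGORITHMS = 13  # extension type (RFC 5246, 7.4.1.4.1)
HASH_SHA1 = 2              # HashAlgorithm.sha1 (RFC 5246)

def signature_algorithms(hello: bytes):
    """(hash, signature) pairs offered in a TLS 1.2 ClientHello handshake
    message (no record header), or None when the extension is absent."""
    if len(hello) < 4 or hello[0] != 1:
        raise ValueError("not a ClientHello")
    body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
    try:
        pos = 2 + 32                                       # version, random
        pos += 1 + body[pos]                               # session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]  # cipher_suites
        pos += 1 + body[pos]                               # compression_methods
        if pos >= len(body):
            return None                                    # no extensions block
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= min(end, len(body)):
            ext_type, ext_len = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + ext_len]
            pos += 4 + ext_len
            if ext_type == SIGNATURE_ALGORITHMS:
                n = struct.unpack_from("!H", data, 0)[0]
                return [(data[i], data[i + 1])
                        for i in range(2, min(2 + n, len(data)) - 1, 2)]
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello") from None
    return None

def check(hello: bytes) -> str:
    pairs = signature_algorithms(hello)
    if pairs is None:
        return "FAIL: extension absent, SHA-1 default applies"
    if any(h == HASH_SHA1 for h, _ in pairs):
        return "FAIL: SHA-1 offered"
    return "PASS"

def build_hello(extensions: bytes = b"") -> bytes:
    """Constructed sample: TLS 1.2 ClientHello offering one cipher suite."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\xc0\x2f" + b"\x01\x00"
    if extensions:
        body += struct.pack("!H", len(extensions)) + extensions
    return b"\x01" + len(body).to_bytes(3, "big") + body

def sigalgs_ext(pairs) -> bytes:
    """Constructed signature_algorithms extension from (hash, signature) pairs."""
    lst = bytes(b for pair in pairs for b in pair)
    return struct.pack("!HHH", SIGNATURE_ALGORITHMS, len(lst) + 2, len(lst)) + lst
```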