"The application shall [selection: not establish the connection, establish or not establish the connection based on an administrative or user setting] if the peer certificate is deemed invalid."
FCS_HTTPS_EXT.1/Server does not require support for mutual authentication (if the HTTPS server supports mutual authentication, FCS_HTTPS_EXT.2/Server is claimed). Right now, FCS_HTTPS_EXT.1.3/Server and FCS_HTTPS_EXT.2.1/Server are identical. If the TOE does not support mutual authentication, it is unclear what selection should be chosen in FCS_HTTPS_EXT.1.3/Server (previously a selection along the lines of "not require client certificate validation" was included for this use case). Additionally, since FCS_HTTPS_EXT.1.3/Server already has the requirement for how to handle mutual authentication, it's not clear why FCS_HTTPS_EXT.2/Server exists as a separate SFR.
FCS_HTTPS_EXT.1.3/Server states:
"The application shall [selection: not establish the connection, establish or not establish the connection based on an administrative or user setting] if the peer certificate is deemed invalid."
FCS_HTTPS_EXT.1/Server does not require support for mutual authentication (if the HTTPS server supports mutual authentication, FCS_HTTPS_EXT.2/Server is claimed). Right now, FCS_HTTPS_EXT.1.3/Server and FCS_HTTPS_EXT.2.1/Server are identical. If the TOE does not support mutual authentication, it is unclear what selection should be chosen in FCS_HTTPS_EXT.1.3/Server (previously a selection along the lines of "not require client certificate validation" was included for this use case). Additionally, since FCS_HTTPS_EXT.1.3/Server already has the requirement for how to handle mutual authentication, it's not clear why FCS_HTTPS_EXT.2/Server exists as a separate SFR.