japit
commented
9 years ago To address discovery of a bad ciphersuite, consider adding administrative control to configure ciphersuites and/or enable/disable browser vendor push of ciphersuite updates.
Note: FCS_TLSC_EXT.1 in the App PP addresses mandatory and optional (selectable) ciphersuites for TLS. Also in the App PP, ALC_TSU_EXT.1.1D addresses timely security updates to fix security vulnerabilities.
consider adding enable/disable FIPS mode as a user-configurable option