NIAP: View Technical Decision Details
  NIAP  »»  Protection Profiles  »»  Technical Decisions  »»  View Details  
TD0556:  NIT Technical Decision for RFC 5077 question

Publication Date

Protection Profiles

Other References
NDSDv2.2, FCS_TLSS_EXT.1.4, Test 3

Issue Description

The NIT has issued a technical decision for RFC 5077  where the testing for part A of FCS_TLSS_EXT.1.4 Test3 can lead to a situation where the TOE correctly obeys RFC 5077 for Session Ticket Renegotiation but does not pass the tests as worded.see 


The issue is acknowledged and FCS_TLSS_EXT.1.4 test case 3(a) shall be modified as follows:

shall be replaced by

The evaluator shall permit a successful TLS handshake to occur in which a session ticket is exchanged with the non-TOE client. The evaluator shall then attempt to correctly reuse the previous session by sending the session ticket in the ClientHello. The evaluator shall confirm that the TOE responds with an abbreviated handshake described in section 3.1 of RFC 5077 and illustrated with an example in figure 2. Of particular note: if the server successfully verifies the client's ticket, then it may renew the ticket by including a NewSessionTicket handshake message after the ServerHello in the abbreviated handshake (which is shown in figure 2). This is not required, however as further clarified in section 3.3 of RFC 5077.

For further information, please see the NIT interpretation at:


See issue description.

Site Map              Contact Us              Home