FCS_TLSC_EXT.1.2 conflict in use of other ciphersuites

[woodbe]

At the end of the TLS 1.2 selection, it states "and shall not offer other TLS 1.2 ciphersuites"

then in the App note it states " However, this requirement does not restrict the TOE's ability to propose additional non-deprecated ciphersuites beyond the ones listed in this requirement in its client hello message as indicated in the ST."

The straight interpretation of the SFR is that you can't add anything beyond that list, and then the app note says it's OK. App notes should be informative, not normative, and shouldn't be used to modify the SFR in this way. If other ciphersuites are allowed but not to be claimed, this should be noted in the SFR or more like the TLS 1.3, have no further comment.

The phrase "and shall not offer other TLS 1.2 ciphersuites" should be removed as this will keep the app note as informative and also bring the 1.2 requirements in line with the 1.3 requirements.

[jvdsn]

I agree this is still a problem in the current git revision. I'm trying to implement tests for this requirement and I can't figure out what the evaluator is supposed to do here. What exactly is the intention?

The ciphersuites to be tested in the evaluated configuration are limited by this requirement.

and

However, this requirement does not restrict the TOE's ability to propose additional non-deprecated ciphersuites beyond the ones listed in this requirement in its ClientHello message as indicated in the ST. That is, the TOE may propose any ciphersuite not excluded by this element, but the evaluation will only test ciphersuites from the above list.

seem to imply that the evaluator needs to only test that the selected TLS 1.2 cipher suites work correctly, but that the TOE is allowed to advertise other ciphersuites, even in the evaluated configuration.

However,

and shall not offer other TLS 1.2 ciphersuites

and

It is necessary to limit the ciphersuites that can be used administratively in an evaluated configuration on the server in the test environment.

seem to imply that the TOE, in the evaluated configuration, is not allowed to offer any other TLS 1.2 ciphersuites.

Ideally this issue would be addressed before publication, this seems like a prime target for a TQ. Vendors will obviously interpret this in the most lenient way possible, and CCTLs will probably follow.