FCS_TLSC_EXT.1:2.2 TLS directions #48
Description
Test FCS_TLSC_EXT.1:2.2 says:
Test FCS_TLSC_EXT.1:2.2: The evaluator shall follow the operational guidance to configure the TSF to ensure any supported beta TLS 1.3 versions are disabled, as necessary. The evaluator shall send the TSF a ClientHello message indicating the supported version (referred to as the legacy version in RFC 8446) with the value '03 04' but without including the supported_versions extension and observe that the TSF either responds with a ServerHello indicating TLS 1.2 or terminates the connection.
Test FCS_TLSC_EXT.1:2.2 is intended to test the TSF response to non-standard versions, higher than indicated in the ClientHello's "highest version/legacy version" supported, including early proposals for 'beta TLS 1.3' versions. If the TSF supports such beta versions, the evaluator shall follow the operational guidance instructions to disable them prior to conducting Test FCS_TLSC_EXT.1:2.2.
However, the TSF in this case is the TLS client, so shouldn't the evaluator receive ClientHellos from the TSF and send ServerHellos to the TSF?
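The ClientHello shape the quoted test text describes (legacy version `03 04`, no supported_versions extension), as an added example that is not part of the original issue or of the test text. The function names are hypothetical and the sample messages are constructed; the parser reads a bare handshake message without the record layer.

```python
import struct

SUPPORTED_VERSIONS = 43  # extension type assigned in RFC 8446

def build_client_hello(legacy_version, extensions):
    """Constructed sample: a minimal ClientHello handshake message (no record layer)."""
    ext_blob = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
    body = (legacy_version
            + bytes(32)                     # random (all zero, constructed)
            + b"\x00"                       # empty legacy_session_id
            + b"\x00\x02\xc0\x2f"           # one suite: TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
            + b"\x01\x00"                   # null compression only
            + struct.pack("!H", len(ext_blob)) + ext_blob)
    return b"\x01" + len(body).to_bytes(3, "big") + body

def inspect_client_hello(msg):
    """Return (legacy_version, versions listed in supported_versions or None)."""
    try:
        if msg[0] != 1:
            raise ValueError("not a ClientHello")
        body = msg[4:4 + int.from_bytes(msg[1:4], "big")]
        legacy, pos = body[0:2], 34         # skip legacy_version + random
        pos += 1 + body[pos]                # legacy_session_id
        pos += 2 + struct.unpack_from("!H", body, pos)[0]   # cipher_suites
        pos += 1 + body[pos]                # compression_methods
        if pos >= len(body):
            return legacy, None             # no extensions block at all
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        offered = None
        while pos + 4 <= min(end, len(body)):
            etype, elen = struct.unpack_from("!HH", body, pos)
            data = body[pos + 4:pos + 4 + elen]
            pos += 4 + elen
            if etype == SUPPORTED_VERSIONS:
                offered = [data[i:i + 2] for i in range(1, 1 + data[0], 2)]
        return legacy, offered
    except (IndexError, struct.error):
        raise ValueError("truncated ClientHello")

def matches_quoted_test(msg):
    """True when legacy_version is 03 04 and supported_versions is absent."""
    legacy, offered = inspect_client_hello(msg)
    return legacy == b"\x03\x04" and offered is None
```

Run against a captured handshake message, `matches_quoted_test` confirms whether a hello actually has the shape the test text calls for, whichever side of the connection produced it.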