So we are working on making a product of one of our clients common criteria compliant. We are using tls-cc-tools for running FCS_TLSC tests but we are unable to run FCS_TLSS_EXT.1.1 test 5. Please tell how can we run those tests. where we have to make modifications in the packet.
Asked
Active
Viewed 198 times
0
-
Tool recommendations are off-topic here. Questions about modifying the packet **might** be on-topic on https://stackoverflow.com – Tom K. Feb 14 '18 at 08:32
-
Crosspost on SO: https://stackoverflow.com/questions/48781684/how-to-run-fcs-tlss-tests-of-for-common-criteria-evaluation – StackzOfZtuff Feb 16 '18 at 08:14
1 Answers
1
If you are using vanilla OpenSSL, you will pass Common Criteria TLS traffic modification tests. If you are using something else and is unsure, you will have to write your own client to send modified packets.
Generally, it will be up to a CC lab to run these tests to certify your product. They will have their own tools and methods.
Keep in mind, NIAP constantly issuing technical decisions, some are revisions and clarifications on how to conduct TLS testing.
Kirill Sinitski
- 989
- 6
- 12