Specifications
Security Target Version 1.0 9/29/2014
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384,
TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256,
TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 ].
Component Assurance Activity:
In order to show that the TSF implements the RFCs correctly, the evaluator shall ensure that the TSS contains the following information:
- For each section of each applicable RFC listed for the FCS_TLS_EXT.1 elements, for all statements that are not 'MUST' (for example, 'MAY', 'SHOULD', 'SHOULD NOT', etc.), if the TOE implements such options it shall be described in the TSS. If the included functionality is indicated as 'SHOULD NOT' or 'MUST NOT' in the standard, the TSS shall provide a rationale for why this will not adversely affect the security policy implemented by the TOE;
- For each section of each RFC, any omission of functionality related to 'MUST' or 'SHOULD' statements shall be described;
- Any TOE-specific extensions, processing that is not included in the standard, or alternative implementations allowed by the standard that may impact the security requirements the TOE is to enforce shall be described.
The evaluator shall check the TSS to ensure that the ciphersuites specified are identical to those listed for this component. The evaluator shall also check the operational guidance to ensure that it contains instructions on configuring the TOE so that TLS conforms to the description in the TSS (for instance, the set of ciphersuites advertised by the TOE may have to be restricted to meet the requirements). The evaluator shall also perform the following test:
Test 1: The evaluator shall establish a TLS connection using each of the ciphersuites specified by the requirement. This connection may be established as part of the establishment of a higher-level protocol, e.g., as part of an HTTPS session. It is sufficient to observe (on the wire) the successful negotiation of a ciphersuite to satisfy the intent of the test; it is not necessary to examine the characteristics of the encrypted traffic in an attempt to discern the ciphersuite being used (for example, that the cryptographic algorithm is 128-bit AES and not 256-bit AES).
5.2.3 User data protection (FDP)
5.2.3.1 Full Resident Information Protection (FDP_RIP.2)
FDP_RIP.2.1
The TSF shall enforce that any previous information content of a resource is made unavailable upon the [allocation of the resource to] all objects.
Component Assurance Activity:
'Resources' in the context of this requirement are network packets being sent through (as opposed to 'to', as is the case when an administrator connects to the TOE) the TOE. The concern is that once a network packet is sent, the buffer or memory area used by the packet still contains data from that packet, and that if that buffer is re-used, those data might remain and make their way into a new packet. The evaluator shall check to ensure that the TSS describes packet processing to the extent that the evaluator can determine that no data will be reused when processing network packets. The evaluator shall ensure that this description at a minimum describes how the previous data are zeroized/overwritten, and at what point in the buffer processing this occurs.
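As an added illustration of what such a TSS description has to pin down (added here; not the TOE's code or this Security Target's), the hypothetical C transmit-buffer pool below scrubs each slot at the moment it is allocated and includes the residue check an evaluator would want to reproduce. All names (`pkt_alloc`, `pkt_free`, `pkt_tail_is_clean`, the pool geometry) are assumptions.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
/* Hypothetical transmit-buffer pool (added illustration, not the TOE's code).
 * FDP_RIP.2 puts the scrub at allocation: a slot is zeroized when it is handed
 * out, so bytes of an earlier packet cannot ride along inside a new one. */
#define POOL_SLOTS 4
#define SLOT_BYTES 1500                 /* one MTU-sized slot */

struct pkt_buf { uint8_t data[SLOT_BYTES]; size_t len; bool in_use; };
static struct pkt_buf pool[POOL_SLOTS];

/* Volatile stores: the compiler cannot elide this as a dead store (cf. explicit_bzero). */
static void secure_zero(void *p, size_t n) {
    volatile uint8_t *vp = p;
    while (n--) *vp++ = 0;
}

/* Allocation point: previous content is made unavailable before the caller sees the slot. */
struct pkt_buf *pkt_alloc(void) {
    for (size_t i = 0; i < POOL_SLOTS; i++) {
        if (pool[i].in_use) continue;
        secure_zero(pool[i].data, SLOT_BYTES);
        pool[i].len = 0; pool[i].in_use = true;
        return &pool[i];
    }
    return NULL;                        /* pool exhausted */
}

/* Release deliberately does not scrub: the stale bytes are what alloc must clear. */
void pkt_free(struct pkt_buf *b) { b->in_use = false; }

/* Evaluator-style check: nothing of an earlier, longer packet survives past len. */
bool pkt_tail_is_clean(const struct pkt_buf *b) {
    for (size_t i = b->len; i < SLOT_BYTES; i++)
        if (b->data[i] != 0) return false;
    return true;
}

/* Reuse scenario: full packet, release, reallocate for 20 bytes; true if no residue. */
bool demo_no_residue(void) {
    struct pkt_buf *b = pkt_alloc();
    memset(b->data, 0xA5, SLOT_BYTES);  /* constructed old packet */
    b->len = SLOT_BYTES;
    pkt_free(b);
    b = pkt_alloc();                    /* same slot is handed back */
    memset(b->data, 0x45, 20);          /* constructed new 20-byte header */
    b->len = 20;
    return pkt_tail_is_clean(b);
}
```

The same check, run against the real buffer path with a scrub removed, is what turns the TSS statement about "at what point zeroization occurs" into something observable rather than asserted.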