Supporting TLSv1.3 in NDcPP (S23c)
TLS is one of the most widely used protocols for secure communication channels between connected devices. Security has improved in TLSv1.3 compared to previous versions of TLS. Therefore, the Network iTC wanted to provide support for TLSv1.3 in NDcPP as quickly as possible to allow CC certification of Network Devices supporting the new TLS version. In particular, the changes in the TLS handshake led to the need for significant updates of the test activities. In addition, the different cipher suites and the different construction of cipher suite identifiers required the definition of separate test cases for TLSv1.3 compared to TLSv1.1/1.2. This presentation will explain the differences between TLSv1.1/1.2 and TLSv1.3 in the evaluation activities in the current update proposal of the Network Device TLS Working Group for NDcPP. While comparisons of TLSv1.3 and FIPS 140-2 regarding the requirements on the underlying cryptographic algorithms are already available (FCS_CKM, FCS_COP), the focus of this presentation will be on the protocol-related evaluation activities as proposed for NDcPP (FCS_TLSC/S_EXT).