My team is working on checking Common Criteria for one of the client products written in Delphi for Windows. The application uses the WinHTTP API to create HTTP requests. We use tls-cc-tools to verify that the application passes all TLSC EXT1.1 validation tests. We were able to limit the cipher suite and enable TLS 1.2, and now test 1, test 4, test 5.1, test 5.2 and 5.3 pass, but the rest of the tests fail. Tests can be found here.
We set the following options in WinHTTP:
// Disable cookies, keep-alive and redirects (the authentication flag is commented out)
df := {WINHTTP_DISABLE_AUTHENTICATION or} WINHTTP_DISABLE_COOKIES or WINHTTP_DISABLE_KEEP_ALIVE or WINHTTP_DISABLE_REDIRECTS;
WinHttpSetOption(iconnection, WINHTTP_OPTION_DISABLE_FEATURE, @df, SizeOf(df));
// Allow TLS 1.2 only
protocols := $00000800; // WINHTTP_FLAG_SECURE_PROTOCOL_TLS1_2
WinHttpSetOption(iconnection, WINHTTP_OPTION_SECURE_PROTOCOLS, @protocols, SizeOf(protocols));
WinHttpSetOption(iconnection, WINHTTP_OPTION_SECURITY_FLAGS, @flags, SizeOf(flags));
Test Failure:
3: TLS-, ciphersuite (, ECDSA TLS_RSA_WITH_AES_128_CBC_SHA RSA Ciphersuites ECDSA.) , .
4: TLS_NULL_WITH_NULL_NULL , .
5.5: , - .
5.6: , ChangeCipherSpec , .
, ?