The ODETTE organization is conducting OFTP2 interoperability tests to ensure secure data transmission.

The list of tests is regularly updated to reflect changed security requirements and findings from previous interoperability tests.

The 2019 interoperability tests will require each certified system to perform a total of 8 new tests against a different, randomly selected certified system in order to continue to receive certification. This includes testing for the following criteria:

OFTP2 certificate exchange test after test case modification
This tests whether all systems support the exchange of X.509 certificates via OFTP2. It covers both the overlapping exchange, e.g. when a certificate expires and, in the meantime, both the old and the new certificate are valid, and the replacing exchange, e.g. when a certificate is withdrawn and only the new certificate is valid.

Session authentication test
This ensures that an OFTP2 connection is only established if both sides use the same security settings, and that the security cannot be overridden by one side attempting to downgrade the connection from OFTP2 to OFTP1.

Use of TLS 1.2
All systems must be able to use, and must prefer, TLS 1.2 in addition to TLS 1.0.

Using PFS (Perfect Forward Secrecy) cipher suites
PFS cipher suites are a combination of algorithms used in TLS connections that make it impossible to subsequently decrypt a connection, even if the private key of the server certificate being used is obtained. All systems should prefer or exclusively use PFS cipher suites.
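The "prefer or exclusively use" requirement can be checked against a system's own TLS configuration. The following is an added example, not part of the ODETTE test suite: it uses Python's standard `ssl` module to expand an OpenSSL cipher string into its preference-ordered suite list and classifies it. The function names, the verdict labels and the sample cipher strings are assumptions made for this illustration.

```python
import ssl

# OpenSSL suite names whose key exchange is ephemeral (EC)DH start with these.
PFS_PREFIXES = ("ECDHE-", "DHE-")


def expand(cipher_string):
    """Expand an OpenSSL cipher string into suite names, in preference order.

    TLS 1.3 suites (names starting with "TLS_") are dropped: they are always
    forward secret and are not controlled by set_ciphers().
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers(cipher_string)
    return [c["name"] for c in ctx.get_ciphers()
            if not c["name"].startswith("TLS_")]


def is_pfs(name):
    """True if the suite name indicates an ephemeral Diffie-Hellman exchange."""
    return name.startswith(PFS_PREFIXES)


def pfs_policy(suites):
    """Classify a preference-ordered suite list (labels are hypothetical).

    "exclusive": only PFS suites are offered
    "preferred": every PFS suite ranks above every non-PFS suite
    "fail":      no PFS suite at all, or a non-PFS suite outranks a PFS one
    """
    flags = [is_pfs(s) for s in suites]
    if not any(flags):
        return "fail"
    if all(flags):
        return "exclusive"
    first_non_pfs = flags.index(False)
    # Any PFS suite listed after the first non-PFS suite breaks the preference.
    return "fail" if any(flags[first_non_pfs:]) else "preferred"


if __name__ == "__main__":
    # Constructed cipher strings, as they might appear in a TLS configuration.
    for cs in ("ECDHE+AESGCM",
               "ECDHE+AESGCM:AES256-GCM-SHA384",
               "AES256-GCM-SHA384:ECDHE+AESGCM"):
        print(f"{cs:35} -> {pfs_policy(expand(cs))}")
```

The classification is deliberately conservative: anonymous suites (`ADH-`, `AECDH-`) are counted as non-PFS because they provide no authentication.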

Correct use of TLS client certificates
When establishing a TLS connection, both sides can authenticate themselves using certificates, i.e. not just the system that acts as the server, as is common with HTTPS. The tests ensure that connections can only be established if the certificates also have the necessary properties (Extended Key Usage, such as Server Authentication and Client Authentication) and are actually valid and have not expired.

