curl-library

Re: SSLv3 fallback attack POODLE

From: Ray Satiro <raysatiro_at_yahoo.com>
Date: Wed, 15 Oct 2014 16:36:51 -0400

On 10/15/2014 12:26 PM, Mark Adams wrote:
> My understanding is that SSL_MODE_SEND_FALLBACK_SCSV should be set if
> and only if the TLS/SSL session being established is itself an attempt
> to establish a connection with a fallback TLS/SSL version following a
> previous handshake failure. It should not be set by default.

I think you're right about that. I read the Internet-Draft [1] and it
seems to confirm that in section 4 with an exception for previously
negotiated sessions. The OpenSSL documentation [2] says "Send
TLS_FALLBACK_SCSV in the ClientHello. To be set by applications that
reconnect with a downgraded protocol version; see
draft-ietf-tls-downgrade-scsv-00 for details", which seems less clear to
me since it doesn't say when, but they do say to read the draft. My
interpretation is to set the TLS_FALLBACK_SCSV signal after the failure but
before repeating the connection attempt, basically.

1: http://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00#section-4
2: https://www.openssl.org/docs/ssl/SSL_CTX_set_mode.html#item_SSL_MODE_FALLBACK_SCSV

-------------------------------------------------------------------
Received on 2014-10-15
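
The rule discussed in this message (send TLS_FALLBACK_SCSV only on a downgraded retry after a failed handshake, never by default), as an added example that is not part of the original mail and is not curl or OpenSSL code. It is a constructed model that speaks no real TLS; `connect_with_fallback`, `server_handshake`, `drop_above_ssl3`, `scsv_by_default` and the `HS_*` codes are hypothetical names, while 0x5600 and alert 86 are the values assigned to TLS_FALLBACK_SCSV and inappropriate_fallback.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of the fallback rule; no real TLS is spoken here. */
enum { SSL3 = 0x0300, TLS1_0 = 0x0301, TLS1_1 = 0x0302, TLS1_2 = 0x0303 };
#define ALERT_INAPPROPRIATE_FALLBACK 86  /* alert tied to TLS_FALLBACK_SCSV (0x5600) */
#define HS_OK 0
#define HS_DROPPED (-1)  /* hypothetical code: handshake died, no alert seen */

/* Server-side check: SCSV present and the server could have done better. */
static int server_handshake(uint16_t server_max, uint16_t offered, bool scsv)
{
    if (scsv && server_max > offered)
        return ALERT_INAPPROPRIATE_FALLBACK;
    return HS_OK;
}

/*
 * Client retry ladder. Returns the negotiated version, or the negated alert.
 * drop_above_ssl3 models every handshake above SSLv3 failing in transit.
 * scsv_by_default models sending the signal on every hello (the misuse).
 */
int connect_with_fallback(uint16_t client_max, uint16_t server_max,
                          bool drop_above_ssl3, bool scsv_by_default)
{
    for (uint16_t v = client_max; v >= SSL3; v--) {
        /* Signal only on a downgraded retry, never on the first attempt. */
        bool scsv = scsv_by_default || v < client_max;
        if (drop_above_ssl3 && v > SSL3)
            continue;  /* previous handshake failure, try one version lower */
        int r = server_handshake(server_max, v, scsv);
        if (r == HS_OK)
            return v < server_max ? v : server_max;
        return -r;  /* server refused the downgrade */
    }
    return HS_DROPPED;
}

int main(void)
{
    printf("normal:            0x%04x\n", (unsigned)connect_with_fallback(TLS1_2, TLS1_2, false, false));
    printf("forced downgrade:  %d\n", connect_with_fallback(TLS1_2, TLS1_2, true, false));
    printf("SSLv3-only server: 0x%04x\n", (unsigned)connect_with_fallback(TLS1_2, SSL3, true, false));
    printf("SCSV by default:   %d\n", connect_with_fallback(TLS1_0, TLS1_2, false, true));
    return 0;
}
```

The last case shows why the signal must not be sent by default: a client whose highest version is TLS 1.0 is refused by a TLS 1.2 server even though no fallback took place.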