Kai,
On 10/21/2014 05:31, Kai Engert wrote:
> So, let's get this clarified with test results.
> I've tested Firefox 34 beta 1.
> Because bug 1076983 hasn't landed on the beta branch yet, the current
> Firefox 34 beta 1 still has SSL3 enabled.
> With this current default configuration (SSL3 enabled), Firefox will
> fall back to SSL3.
> Then I used about:config and changed security.tls.version.min to 1
> (which means TLSv1, thereby disabling SSL3).
> With SSL3 disabled, Firefox 34 no longer falls back to SSL3.
> When attempting to connect to an SSL3-only server, I see Firefox 34
> attempting three connections, with TLS 1.2 {3,3}, TLS 1.1 {3,2} and TLS
> 1.0 {3,1}, but not SSL3.
That's a lot of fallbacks.
Do we know of TLS 1.0 servers that reject connections with TLS 1.2 or
1.1 in ClientHello instead of falling back to 1.0?
Or TLS 1.1 servers that reject connections with 1.2 in ClientHello
instead of falling back to 1.1?
Just how many broken servers are there out there?
Julien
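
Added example, not part of the original messages and not Firefox or NSS code: a simplified Python model of the retry ladder described in the quoted test and of the two server behaviours the reply asks about. The function names, the `tolerant` flag and the server models are assumptions made for illustration; versions use the {major,minor} pairs from the thread.

```python
# Constructed model of client-side version fallback (illustration only).
SSL3, TLS10, TLS11, TLS12 = (3, 0), (3, 1), (3, 2), (3, 3)
# Values of the security.tls.version.min / .max prefs -> wire version.
PREF_TO_VERSION = {0: SSL3, 1: TLS10, 2: TLS11, 3: TLS12}


def server_reply(server_max, client_version, tolerant=True):
    """Version the server picks for one ClientHello, or None if it aborts."""
    if client_version > server_max and not tolerant:
        return None  # version-intolerant: rejects a hello it should answer
    return min(client_version, server_max)  # correct: negotiate down


def connect(pref_min, pref_max, server_max, tolerant=True):
    """Run the retry ladder; return (hello versions sent, negotiated version)."""
    floor, version = PREF_TO_VERSION[pref_min], PREF_TO_VERSION[pref_max]
    attempts = []
    while version >= floor:
        attempts.append(version)
        chosen = server_reply(server_max, version, tolerant)
        # The client refuses any ServerHello below its configured minimum.
        if chosen is not None and chosen >= floor:
            return attempts, chosen
        version = (version[0], version[1] - 1)  # retry one version lower
    return attempts, None


if __name__ == "__main__":
    cases = [
        ("SSL3-only server, min=1", connect(1, 3, SSL3)),
        ("intolerant SSL3-only server, min=0", connect(0, 3, SSL3, False)),
        ("tolerant TLS 1.0 server, min=1", connect(1, 3, TLS10, True)),
        ("intolerant TLS 1.0 server, min=1", connect(1, 3, TLS10, False)),
    ]
    for label, (attempts, result) in cases:
        print(f"{label}: hellos={attempts} negotiated={result}")
```

A tolerant server settles on its highest version in a single handshake; only the intolerant models force the extra connections, and the minimum version pref bounds how far down the ladder goes.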