> Well I think I'm completely confused about this option now; "always when
> you fall back" seems to suggest that falling back is an application level
> operation (as opposed to openssl-implemented behaviour), is it? i.e. is the
> onus on the client application to retry with a lower version if it wants to?
> What then is the purpose of the option?
Yes it is completely a client application issue.
The purpose is for the client to tell the server "I tried TLS and that failed
and now I'm using SSLv3" (or whatever versions it ends up using).
> Is there a simple example of a scenario where it would be used?
SSL_new
SSL_connect
...connection failed
SSL_new
Set fallback flag
SSL_connect
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
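The following is an added example, not part of the original message and not OpenSSL code. It assumes the option under discussion is the TLS_FALLBACK_SCSV mechanism of RFC 7507, and models in plain C what the fallback flag adds to the retry's cipher-suite list and how a server acts on it; the function names and the offered suites are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TLS_FALLBACK_SCSV            0x5600 /* signalling suite, RFC 7507 */
#define ALERT_INAPPROPRIATE_FALLBACK 86     /* alert code, RFC 7507 */
#define SSL3_VER   0x0300
#define TLS1_2_VER 0x0303

/* Client side (hypothetical helper): serialise the offered suites, two bytes
 * each, and append the SCSV only on a fallback retry. Returns bytes written. */
size_t build_suites(const uint16_t *suites, size_t n, int is_fallback_retry,
                    uint8_t *out, size_t cap)
{
    size_t need = 2 * (n + (is_fallback_retry ? 1 : 0)), off = 0;
    if (need > cap) return 0;               /* output buffer too small */
    for (size_t i = 0; i < n; i++) {
        out[off++] = (uint8_t)(suites[i] >> 8);
        out[off++] = (uint8_t)(suites[i] & 0xff);
    }
    if (is_fallback_retry) {
        out[off++] = TLS_FALLBACK_SCSV >> 8;
        out[off++] = TLS_FALLBACK_SCSV & 0xff;
    }
    return off;
}

/* Server side (hypothetical helper): 0 = continue the handshake, -1 = malformed
 * list, otherwise the alert to send because the client could have done better. */
int server_check_fallback(const uint8_t *list, size_t len,
                          uint16_t client_ver, uint16_t server_max_ver)
{
    if (len % 2 != 0) return -1;
    for (size_t i = 0; i + 1 < len; i += 2) {
        uint16_t s = (uint16_t)((list[i] << 8) | list[i + 1]);
        if (s == TLS_FALLBACK_SCSV && client_ver < server_max_ver)
            return ALERT_INAPPROPRIATE_FALLBACK;
    }
    return 0;
}

int main(void)
{
    uint16_t offered[] = {0xC02F, 0x0035};  /* constructed sample suites */
    uint8_t buf[16];
    size_t n = build_suites(offered, 2, 1, buf, sizeof buf);
    printf("SSLv3 retry, TLS 1.2 server: %d\n",
           server_check_fallback(buf, n, SSL3_VER, TLS1_2_VER));
    return 0;
}
```

A retry sent without the flag produces a list with no SCSV, so the server has nothing to check and a forced downgrade passes unnoticed; that is why the client has to set it on every fallback attempt.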