* Aditya Kumar: > Suppose, the Server is patched with the FALLBACK flag and its protocol is > set to TLSV1/SSLV23(with TLSV1 as the highest protocol) and then client > tries to connect to Server in TLSV1 and sets FALLBACK flag before > initiating communication with Server. Will the client be able to connect to > Server? Will Server accept this connection?
With the current TLS_FALLBACK_SCSV draft, the connection will succeed. > From my understanding, when Server will see the request with FALLBACK flag > and Server's highest protocol is TLSV1, it will not really consider the > client's request as fallback and will allow the connection. Correct. > This will work only because Server's highest protocol is TLSV1. But > if in future, if the Server is upgraded to support TLS1.1 or TLS1.2, > then the same connection from client will fail. Correct as well. That's why I called TLS_FALLBACK_SCSV a time bomb if used outside of a fallback scenario: A lot of developers seem to assume that they have to change their application to set the flag SSL_MODE_SEND_FALLBACK_SCSV, when in fact they had to do nothing. The fact that SSL 3.0 had already been “fixed” in 1999 (or whenever OpenSSL introduced support for it), through the upgrade to TLS 1.0[*], was not communicated properly. [*] Some caveats apply. You should at least use TLS 1.1. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
